APT 41: Threat Intelligence Report and Malware Analysis
Essential information
- Published: 10/06/2025 10:52
- Modified: 10/06/2025 11:13
- Tags: 2025-06-10 china cyberespionage google calendar plusdrop plusinject spear-phishing state-sponsored
- Related entities: 10 observables, 1 intrusion set (apt), 14 techniques (mitre), 3 malware, 5 others
Description
APT41 is a sophisticated Chinese state-sponsored threat actor that blends cyber espionage with cybercrime tactics. It targets a range of sectors worldwide, including healthcare, telecommunications, and government entities. Recently, APT41 was observed using Google Calendar as a malware command-and-control channel in a campaign involving a Taiwanese government website. The attack chain begins with spear-phishing emails carrying malicious ZIP archives and leads to a three-module malware system tracked as ToughProgress. The malware relies on stealthy techniques such as in-memory execution, encryption, and process hollowing to evade detection. What sets ToughProgress apart is its use of Google Calendar events for covert data exchange: commands and exfiltrated data are passed through calendar events, giving the operator a communication channel that hides in legitimate cloud traffic.