SOC files: an APT41 attack on government IT services in Africa
Essential information
- Published: 20/08/2025 10:50
- Modified: 20/08/2025 12:47
- Tags: 2025-07-21, 2025-08-20, africa, checkout, cobalt strike, credential harvesting, data exfiltration, dll sideloading, government, lateral movement, mimikatz, pillager, sharepoint, targeted attack, web shell
- Related entities: 1 intrusion set (APT), 4 malware, 3 others
Description
Kaspersky's MDR team detected a targeted attack by APT41 against government IT services in Africa. The attackers used Impacket tools, Cobalt Strike, and custom agents for lateral movement and data collection. They leveraged DLL sideloading techniques and publicly available tools like Mimikatz and RawCopy. The group established persistence through scheduled tasks and services, and exfiltrated data via a compromised SharePoint server. The attack showcased APT41's ability to adapt their tools to the target infrastructure and leverage internal services for command and control. The incident highlights the importance of comprehensive monitoring and proper privilege management in defending against sophisticated threats.