The US cyber security company FireEye has seen an increase in online espionage by the Chinese hacking group APT41.
APT41's increased activity began in late January and lasted until mid-March. The target group was 75 organizations from various industries, including telecommunications, healthcare, government, defense, finance, petrochemical, manufacturing and transportation. The group also targeted nonprofits, legal, real estate, travel, education, and media organizations.
In their report on APT41, FireEye writes:
“This activity is one of the most widespread campaigns we've seen from spy actors from China in recent years. While APT41 previously carried out activities with a large first entry … this scanning and exploitation has focused on a subset of our customers and appears to show a high operating speed and wide coverage requirements for APT41.”
Leveraging Recently Discovered Vulnerabilities
APT41 used known vulnerabilities in Citrix Application Delivery Controller (ADC), Cisco routers, and Zoho's ManageEngine Desktop Central to launch attacks against the target organizations.
The Citrix vulnerability had been disclosed, as a zero day, one month before the group's campaign began. The remote code execution vulnerability in Zoho's ManageEngine Desktop Central had been announced only three days before the group began exploiting it. Although FireEye does not have a copy of the malware used against the Cisco routers, the company believes that APT41 developed its own malware to attack them.
FireEye first named the Chinese hacking group last year, but according to FireEye APT41 had been carrying out state-sponsored espionage for some time before that.
In a statement to CyberScoop, FireEye said that the motive for APT41's recent campaign is unknown, but offered several possible explanations for why cyberattacks were launched against 75 organizations.
“Because of our current visibility, it is difficult to attribute a motive or intention to the activity of APT41. There are several possible explanations for the increase in activity, including the U.S.-China trade war and the COVID-19 pandemic, which is causing China to provide information on a variety of topics including trade, travel, communications, manufacturing, research, and international relations.”