Kaspersky: Advanced Persistent Threat (APT41) targets Southern African organisation in espionage attack

Kaspersky Managed Detection and Response experts (www.Kaspersky.co.za) have observed a cyber espionage attack on an organisation in Southern African and have linked it to the Chinese-speaking APT41 group. Although the threat actor has shown limited activity in Southern Africa, this incident reveals that the cyber attackers have targeted government IT services in one of the countries in the region, attempting to steal sensitive corporate data — including credentials, internal documents, source code, and communications.

APT (Advanced Persistent Threat) is a category of threat actors known for carrying out concerted, stealthy, and ongoing attacks against specific organisations, as opposed to opportunistic, isolated incidents that account for most cybercriminal activity. The adversaries’ techniques observed during the attack in Southern Africa allowed Kaspersky to attribute it to the Chinese-speaking APT41 group with a high confidence. The primary goal of the attack was cyber espionage, which is typical for this threat actor ...