The China-linked APT41 has launched a new campaign targeting African government IT services, using sophisticated malware together with living-off-the-land techniques. The campaign demonstrates adaptability and complexity, blending traditional malware with the abuse of trusted services. #APT41 #SharePointC2
Key points
- APT41 targeted African government IT infrastructure with advanced malware tactics.
- The campaign involved the use of hacked SharePoint servers for command-and-control communication.
- Attackers deployed credential-stealing tools like Mimikatz and modified versions of Pillager.
- The operation blended custom malware with publicly available tools such as Cobalt Strike and Impacket.
- The threat actor tailored its tools to the specific characteristics of the target infrastructure, complicating detection efforts.
Read More: https://thehackernews.com/2025/07/china-linked-hackers-launch-targeted.html