Chinese state-sponsored APT41 targeting U.S. healthcare sector

New reports are emerging that the notorious Chinese state-sponsored hacking group known by researchers as APT41 is increasingly targeting the United States healthcare sector. The Department of Health and Human Services (HHS) Cybersecurity Coordination Center has issued an alert regarding the group’s hacking activities and targets.

APT41 has targeted the healthcare sector for years – first noticed in 2014, and continuing nearly every year since. The group was first discovered by researchers back in 2012, and is on the Federal Bureau of Investigation’s Most Wanted List.

The report by HHS states that APT41 typically targets vulnerable IT and medical device software—an advanced supply chain attack—and exfiltrates valuable data such as human resources, tax information, acquisitions, and clinical trial data from biotech companies.

In 2019, APT41 targeted a U.S. cancer research facility, deployed the malware known as EVILNUGGET, and exploited the CVE-2019-3396 vulnerability.

Overall, APT41 has targeted 75 known companies and exploited Citrix, Cisco and Zoho endpoints as part of its campaigns. Most of these attacks, such as those using CVE-2019-19781, are used to move laterally on target networks. CVE-2019-19781 is a Citrix vulnerability that allows directory traversal and permits access to parts of the network the attackers normally wouldn’t be able to reach.

The United States is not the only geographic target in APT41’s sights. The Chinese hacking group has conducted cyber espionage across all parts of the globe, most recently on governments in Asia and industries such as aerospace, defense firms, and telecom.

With increasing tensions in Taiwan, we anticipate that APT41—and other Chinese state-sponsored hacking groups—will be as active as ever.
