APT41 likely behind supply chain attack to big airline heist

Security Alert
Published June 11, 2021

A security breach caused by a Chinese nation-state cyberattack in 2021 could have significant implications for the airline industry, according to security firm Group-IB.

ADVERSARY:
INDUSTRY:
MALWARE FAMILIES:
Cobalt Strike, BadPotato
ATT&CK IDS:
T1195 – Supply Chain Compromise
T1059 – Command and Scripting Interpreter
T1569.002 – Service Execution
T1543.003 – Windows Service
T1134 – Access Token Manipulation
T1055 – Process Injection
T1070 – Indicator Removal on Host
T1550 – Use Alternate Authentication Material
T1021 – Remote Services
T1003 – OS Credential Dumping
T1046 – Network Service Scanning
T1005 – Data from Local System
T1071.004 – DNS
T1029 – Scheduled Transfer
T1550.002 – Pass the Hash
T1021.002 – SMB/Windows Admin Shares
T1070.004 – File Deletion
T1055.012 – Process Hollowing
