APT41's New Malware UNAPIMON Unveiled: Stealthy Cyber Espionage Threat

April 3, 2024
  • Cybersecurity firm Trend Micro has uncovered a new malware named UNAPIMON, which is linked to the advanced Chinese hacking group APT41, also known as Winnti.

  • APT41 is a state-backed entity engaged in both cyberespionage and financially driven cyberattacks, affecting a wide range of sectors internationally.

  • UNAPIMON is written in C++ and delivered as a DLL; it uses the Microsoft Detours hooking library to tamper with critical API functions in child processes in order to evade detection.

  • The malware is used by Earth Freybug, an actor associated with APT41, to circumvent Windows API monitoring and thereby avoid discovery by antivirus systems.

  • Earth Freybug's activities include cyber espionage, supply chain attacks, and theft of trade secrets and intellectual property, with targets including the US, Asia, governments, and critical infrastructure.

  • APT41 has been operational since at least 2012 and has been charged by the US government for its involvement in widespread cyberattacks.

  • The emergence of UNAPIMON highlights the need for organizations to bolster their defenses against sophisticated cyber threats posed by groups like APT41.

Summary based on 3 sources
