FBI FLASH: Intrusion Activities of China-based Cyber Actors Associated with APT 41

The FBI has published a (TLP:WHITE) FLASH message providing technical details of cyber actors based in China, associated with APT 41, who have been indicted for computer intrusions affecting more than 100 victim companies in the U.S. and abroad. Some of the targeted victims were in the “government” industry. The FLASH describes how the actors used a wide range of tactics to gain initial access, including spear-phishing and by exploiting publicly identified security vulnerabilities, including those involving VPNs. The FLASH also provides lists of recommended mitigation measures, categorized by patch and vulnerability management, credential protection, and network hygiene and monitoring. It concludes by encourages recipients of the document to report information concerning suspicious or criminal activity to their local FBI field office of the FBI’s 24/7 Cyber Watch (CyWatch), at (855)292-3937 or Cy*****@*bi.gov.