A state-sponsored Chinese hacking group carried out an espionage campaign between late January and early March against a wide range of industries in more than 20 countries, according to cyber security firm FireEye.
In research published on March 25, FireEye said its telemetry observed "one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years." The APT41 group is said to have targeted vulnerabilities in Zoho's ManageEngine Desktop Central, Cisco routers, and Citrix's Application Delivery Controller at more than 75 FireEye customers.
According to FireEye, APT41 "continues to be one of the most prolific threats" that it monitors. It called the hackers "a unique state-sponsored Chinese threat group that conducts espionage," and also "conducts financially motivated activity for personal gain."
The intrusion campaign was carried out against targets in Poland, Switzerland, the UK, Mexico, Japan, the Philippines, India, the US, Canada, France and Australia, among others, the company said.
Industries such as telecommunications, defense, high technology, healthcare, banking/finance, petrochemicals, transportation, construction, manufacturing and pharmaceuticals were targeted.
FireEye noted a lull in intrusion activity during the Chinese Lunar New Year holiday period in late January, a common pattern among Chinese hackers, and during coronavirus-related quarantines imposed by China in February.
The company said the latest exploitation attempts leveraged publicly available malware, but "in previous cases APT41 has waited to deploy more advanced malware until they have fully understood where they were and carried out some initial reconnaissance."