The "great and terrible" LightSpy has finally made it to Windows

The emphasis on audio recording is what sets APT41's new malicious operation apart.

The Chinese APT group APT41, also tracked as Barium, Brass Typhoon, Bronze Atlas, Wicked Panda and Winnti, has expanded its surveillance toolkit with DeepData, a Windows framework, according to a new report from BlackBerry.

Previously, the group relied on the LightSpy malware, which focused on stealing data from iOS devices. The first attacks were recorded back in 2020 against iPhone users in Hong Kong. In the following years, LightSpy's capabilities expanded significantly with Android and macOS versions, as well as destructive modules.

APT41 has now turned to Windows targets. The new DeepData framework includes 12 plugins aimed at data collection and espionage, and the campaign's command-and-control (C2) infrastructure is described as highly sophisticated.

DeepData aims to harvest information from communication applications such as WhatsApp, Telegram, Signal, WeChat, Outlook, DingDing and Feishu. In addition, it collects data from browsers, password managers and network information, and it can record audio from the microphone.

Audio recordings are produced with the FFmpeg library and saved as AAC files for later exfiltration to the attackers' server. DeepData modules are delivered from the C2 servers as ZIP archives and are structured much like LightSpy: a main module plus several specialized plugins.

According to BlackBerry, DeepData development began around mid-2022, with most plugins compiled during 2023. A key part of the framework was completed in March 2024, and keylogging features were added in October of that year.

Analysts believe that APT41 is using DeepData against targets in Southeast Asia, including journalists, politicians and activists. The group's main goal is long-term intelligence gathering, with an emphasis on stealth and persistent access to compromised devices.

Experts recommend that users harden their devices to avoid infection: keep operating systems and applications updated, use reputable antivirus software and firewalls, and avoid downloading files from untrusted sources. Particular attention should be paid to the security of messengers and browsers: use strong, unique passwords and enable multi-factor authentication.
