User:TheManager16/Double Dragon (hacking group)

Techniques
APT 41's tradecraft differs from that of many other advanced persistent threats, most notably in its use of passive backdoors. A traditional backdoor beacons out to its command-and-control server at intervals, which leaves a regular outbound pattern that network monitoring can catch; a passive backdoor instead waits for an inbound connection and generates no such traffic, which makes it considerably harder to identify. Financially motivated APT 41 activity has also relied on software supply-chain compromises: malicious code is injected into legitimate software before it is distributed, so that downstream organizations installing it are exposed to data theft and tampering with their systems. The group deploys sophisticated malware built to stay undetected while data is extracted. It has also used bootkits, which are difficult to detect and rarely seen among other cyber espionage and cybercrime groups, making it harder for security products to find the malicious code. The Deadeye launcher and Lowkey malware have also been used to perform reconnaissance while remaining undetected.
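As an added example (not material from the original page, and not code from APT 41 or from any vendor report on the group), the following Python script shows the host-side check that the passive-backdoor point implies: because a passive backdoor waits for inbound connections rather than beaconing out, outbound C2 monitoring never sees it, so one has to look at what is listening on the host instead. The script parses Linux `ss -H -lntp` style output, diffs it against a per-host baseline of expected listeners, and flags anything new or mis-owned. The sample output, the baseline, the process names and the port numbers are all constructed for this example. The check is a heuristic only: it will not catch a passive implant that sniffs raw traffic or hooks into an already-listening service instead of opening its own socket.

```python
"""Diff a host's listening sockets against a baseline to surface passive backdoors.

A passive backdoor waits for an inbound connection instead of beaconing out,
so it never shows up in outbound C2 detection. It does, however, usually have
to own a listening socket, which this host-side check looks for.
Input format: `ss -H -lntp` (Linux). All sample data below is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample of `ss -H -lntp` output; not taken from any real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128        0.0.0.0:22       0.0.0.0:*    users:(("sshd",pid=812,fd=3))
LISTEN 0      511        0.0.0.0:443      0.0.0.0:*    users:(("nginx",pid=1204,fd=6),("nginx",pid=1203,fd=6))
LISTEN 0      128      127.0.0.1:5432     0.0.0.0:*    users:(("postgres",pid=950,fd=5))
LISTEN 0      128        0.0.0.0:80       0.0.0.0:*    users:(("python3",pid=4412,fd=4))
LISTEN 0      5          0.0.0.0:61337    0.0.0.0:*    users:(("[kworker/0:1]",pid=4471,fd=3))
"""

# Hypothetical per-host baseline: port -> (expected process name, expected bind address).
BASELINE: Dict[int, Tuple[str, str]] = {
    22: ("sshd", "0.0.0.0"),
    443: ("nginx", "0.0.0.0"),
    5432: ("postgres", "127.0.0.1"),
}

_LINE_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\((?P<users>.*)\)\s*$"
)
_USER_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)')


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str
    pid: int


def parse_ss(output: str) -> List[Listener]:
    """Parse `ss -H -lntp` lines; one Listener per (socket, owning process) pair."""
    listeners: List[Listener] = []
    for line in output.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers / unparseable lines rather than failing
        port = int(m.group("port"))
        for u in _USER_RE.finditer(m.group("users")):
            listeners.append(Listener(m.group("addr"), port, u.group("name"), int(u.group("pid"))))
    return listeners


def reasons_for(sock: Listener, baseline: Dict[int, Tuple[str, str]]) -> List[str]:
    """Return the heuristics this listener trips; an empty list means it matches the baseline."""
    reasons: List[str] = []
    expected = baseline.get(sock.port)
    if expected is None:
        reasons.append(f"port {sock.port} not in baseline")
    else:
        exp_proc, exp_addr = expected
        if sock.process != exp_proc:
            reasons.append(f"port {sock.port} owned by {sock.process!r}, baseline expects {exp_proc!r}")
        elif exp_addr == "127.0.0.1" and sock.addr != "127.0.0.1":
            reasons.append(f"loopback-only service on port {sock.port} is bound to {sock.addr}")
    # A user-space process that names itself like a kernel thread is a common
    # masquerade; real kernel threads do not own user-space listening sockets.
    if sock.process.startswith("[") and sock.process.endswith("]"):
        reasons.append(f"kernel-thread-style process name {sock.process!r} owns a socket")
    return reasons


def find_unexpected(listeners: List[Listener], baseline: Dict[int, Tuple[str, str]]):
    """Return [(listener, reasons)] for every distinct (addr, port, process) that trips a heuristic."""
    findings = []
    seen = set()
    for sock in listeners:
        key = (sock.addr, sock.port, sock.process)
        if key in seen:
            continue  # several workers of one service share a socket; report it once
        seen.add(key)
        reasons = reasons_for(sock, baseline)
        if reasons:
            findings.append((sock, reasons))
    return findings


if __name__ == "__main__":
    for listener, reasons in find_unexpected(parse_ss(SAMPLE_SS_OUTPUT), BASELINE):
        print(f"{listener.addr}:{listener.port} {listener.process} (pid {listener.pid})")
        for r in reasons:
            print(f"    - {r}")
```

On the constructed sample the two baseline-matching services and the loopback-only database pass, while the unlisted web listener on port 80 and the high-port socket owned by a process masquerading as a kernel thread are reported. In practice the baseline should be generated from a known-good build of the host rather than typed by hand, and the check should be run periodically, since a passive implant that starts after the first snapshot is exactly what it is meant to find.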

Spear-phishing emails are used regularly by APT 41 in both its cyber espionage and its financially motivated operations. The group first gathers personal details about high-level targets and then sends them tailored, misleading emails, which raises the chance that the target will hand over the information sought. Targets have ranged from media organizations in espionage campaigns to bitcoin exchanges in attacks for financial gain.