
SESSION

09/22 09:30 - 10:00 Threat Research Forum

Threat Intelligence: APT41's New Subgroup? Dissecting Chinese APT "Tianwu" Latest Operations in the APAC Region

APT41 (aka Winnti, Amoeba) is a notorious Chinese APT group. In recent years, the TeamT5 CTI team has observed that the group has developed into multiple subgroups, including Fishmaster (TAG-22), GroupCC (APT17), etc. APT41's evolution is sophisticated and complex, and it has posed a serious threat to companies in the APAC region. In this talk, we will cover an emerging Chinese APT group named "Tianwu," which was first spotted in 2020. We found that there are several TTP overlaps between Tianwu and APT41. Tianwu's proprietary tool, Pangolin8RAT, is a modular trojan that supports at least 8 communication protocols. Based on this feature, we named the group "Tianwu," after a beast with eight human heads in Chinese mythology. From 2020 to 2021, we observed Tianwu leveraging Pangolin8RAT to snipe at the online gaming/gambling, transportation, telecom, and government sectors in the APAC region. Our talk will also provide our outlook on the group's future development as well as actionable intelligence for enterprises.

LOCATION Taipei Nangang Exhibition Center, Hall 2 4F 4A
LANGUAGE English
SESSION TOPIC APT, Threat Intelligence, Reverse Engineering

SPEAKER

Silvia Yeh
TeamT5 Cyber Threat Intelligence Team / Cyber Threat Analyst

Silvia Yeh works as a Cyber Threat Analyst at TeamT5 CTI team. Her research interests include OSINT, China's cyber policies, as well as Advanced Persistent Threats (APTs) and Information Operations targeting the APAC region. She has given presentations at international conferences including Black Hat Asia, SANS CTI Summit 2022, CODE BLUE 2021, HITCON Pacific 2021, etc.

Leon Chang
TeamT5 Cyber Threat Intelligence Team / Cyber Security Researcher

Leon Chang is a Cyber Security Researcher at TeamT5 CTI team. His major areas of research include APT campaign tracking and malware analysis. He has previously participated in information security diagnosis services for government and financial institutions as well as research on vulnerabilities in IoT devices. He has also been a speaker at international conferences, including Black Hat Asia and Japan Security Analyst Conference (JSAC) 2021.