Also known as: Double Dragon, TG-2633, Bronze Atlas, Red Kelpie, Blackfly, Earth Baku, SparklingGoblin, Grayfly, TA415, BrazenBamboo, G0096, LEAD, BARIUM, WICKED SPIDER, WICKED PANDA, BRONZE ATLAS, BRONZE EXPORT, G0044, Amoeba, HOODOO, Brass Typhoon, Winnti, Leopard Typhoon
FireEye Threat Intelligence assesses with high confidence that APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control. Activity traces back to 2012, when individual members of APT41 conducted primarily financially motivated operations focused on the video game industry before expanding into likely state-sponsored activity. This is remarkable because explicit financially motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests these two motivations were balanced concurrently from 2014 onward.

• APT41 overlaps at least partially with public reporting on groups including Barium, Winnti Group and Wicked Panda. In some cases the primary observed similarity in the publicly reported Winnti activity was the use of the same malware, including HIGHNOON, across otherwise separate clusters of activity.
• Previous FireEye Threat Intelligence reporting on the use of HIGHNOON and related activity was grouped together under Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon and Mana, although we now understand this to be the work of several Chinese cyber espionage groups that share tools and digital certificates.
• APT41 reflects our current understanding of what was previously reported as GREF, as well as additional indicators and activity gathered during our extensive review of our intelligence holdings.

APT41 has 2 subgroups:
1. Earth Longzhi
2. Earth Freybug

Also see Earth Lusca and RedGolf.
| CVE ID | Action |
|---|---|
| CVE-2019-3396 | View Details |