APT41
Attribution confidence: High | Threat level: High
Aliases: Double Dragon • Winnti • BARIUM • Wicked Panda • Bronze Atlas • Red Kelpie
APT41, also tracked under aliases such as Double Dragon, Winnti, and BARIUM, is a prolific and highly skilled threat actor with strong evidence of ties to the Chinese state. The group is unusual in its dual mission: it conducts state-sponsored espionage for strategic intelligence gathering while simultaneously running financially motivated cybercrime for personal enrichment. Active since at least 2012, APT41 has repeatedly adapted its tactics, techniques, and procedures (TTPs) to a wide array of targets across numerous sectors, making it one of the most versatile and persistent threats in the landscape.

The group's espionage activity aligns with China's national and economic interests, targeting industries such as healthcare, telecommunications, technology, and defense to acquire sensitive data and intellectual property. In parallel, APT41's criminal operations focus heavily on the video game industry, where the group manipulates in-game economies, steals virtual currency, and has deployed ransomware.

This blend of espionage and cybercrime, often carried out by the same individuals using overlapping infrastructure and toolsets, distinguishes APT41 from many other state-sponsored groups and points to a broader pattern of state-sanctioned operators moonlighting for personal financial gain. It also matters for defenders: indicators and tooling observed in a financially motivated intrusion may be the same ones used in an espionage campaign, so a game-industry compromise should not be triaged as "just" crimeware. APT41's operational tempo is characterized by...
Target Sectors
Target Regions
Attributed to China's Ministry of State Security (MSS). Attribution confidence: High.
Future Outlook
APT41 is expected to continue operations against the healthcare sector.
First observed activity of APT41
Continued active operations