How Things Are Going for APT41 in 2024
Course
Kaspersky's Georgy Kucherin explores APT41's evolution in 2024, examining their shift from supply chain attacks to targeted operations, new persistence mechanisms and enhanced detection evasion techniques.
The cybersecurity landscape has witnessed a significant evolution in APT41's tactics, as this sophisticated Chinese threat actor shifts from high-profile supply chain attacks to more subtle, targeted operations. Recent analysis of their 2024 activities reveals concerning adaptations in their techniques, combining innovative persistence mechanisms with strategic use of open-source tools to evade detection.
The group's latest campaigns demonstrate remarkable creativity in exploiting organizational weaknesses, particularly in shared network infrastructure and Windows Component Object Model (COM) objects. Their ability to blend custom malware with publicly available tools while maintaining operational security poses unique challenges for defense teams trying to detect and prevent their intrusions.
Given APT41's history of successful compromises and their continuous tactical evolution, it's crucial for security professionals to understand their current methodologies and enhance detection capabilities accordingly.
This session, led by Georgy Kucherin, security researcher at Kaspersky, will cover:
- Analysis of APT41's latest attack techniques targeting gaming companies
- Novel persistence mechanisms using COM object redirection and New Technology File System (NTFS) streams
- Evolution from supply chain attacks to targeted compromises
- Practical approaches for detecting both custom implants and open-source tooling
Here is the course outline:
- How Things Are Going for APT41 in 2024