Blackfly Chinese APT targets Asian conglomerate in materials sector

Threat Level

Actor Report

Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs.

Summary

The Blackfly espionage group, also known as APT41, Winnti Group, or Bronze Atlas, has been targeting multiple subsidiaries of an Asian conglomerate operating in the materials and composites sector, suggesting that the group may be trying to steal intellectual property. Blackfly is one of the longest-known Chinese advanced persistent threat (APT) groups and has been active since at least 2010.  The group’s latest activity shows that it has been relying more on open-source tools than its usual custom malware, which helps it avoid detection and attribution.