
APT41 Deploys Undetected Backdoor to Harvest Cloud Credentials
Tags: Cybersecurity, APT, Cloud Security, Credential Theft
The China-backed advanced persistent threat (APT) group APT41 is deploying a previously undetected backdoor to harvest credentials from cloud environments, including AWS, Google Cloud, Azure, and Alibaba Cloud. The campaign uses typosquatted domains to disguise its command-and-control (C2) traffic as legitimate communication, helping it evade detection. The report disclosed no specific dates, CVE IDs, or victim organizations. The attack targets cloud infrastructure, but the report does not describe the exact method of initial access or payload delivery. The backdoor's design prioritizes stealth, enabling prolonged credential theft without triggering security alerts.