Cisco and Citrix both told Reuters that they have patched the vulnerabilities that were being exploited by APT41. Citrix is also coordinating with FireEye to find “potential compromises.” Reuters reached out to Dell Technologies’ cybersecurity arm, Secureworks, which stated that the company has also seen increased activity from Chinese hackers “over the last few weeks.”
Chinese government contractors carrying out cyber attacks is nothing new, but the scope of these current initiatives is concerning. Companies in about 20 countries are being targeted, and APT41 is carrying out subsequent attacks frequently. “This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years,” says FireEye. “This new activity from this group shows how resourceful and how quickly they can leverage newly disclosed vulnerabilities to their advantage.” Whether the attackers are purposely taking advantage of a reduced cybersecurity workforce during the coronavirus pandemic or the timing is just a coincidence remains to be determined.