HHS OCIO HC3 TLP White Threat Briefing: APT41 and Recent Activity - September 22

Agenda

  • Overview of APT41
  • Targeting Operations
  • Indictment
  • Historical Targeting
  • Threats to Healthcare
  • Why Healthcare
  • Recent Activity
  • Popular Tools and Techniques

Overview

  • Chinese State-Sponsored Threat Actor
  • Members of APT41 have been actively tracked since 2012
  • Also Known As: Double Dragon, Barium, Winnti, Wicked Panda, Wicked Spider, TG-2633, Bronze Atlas, Red Kelpie
  • Has been tracked as two separate groups, depending on the operation
  • History of targeting healthcare, high-tech, telecommunications, higher education, video games, travel, and news organizations
  • Frequently uses the following:
    • Spear phishing
    • Water holes
    • Supply chain attacks
    • Backdoors

View the detailed report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272