Thank you for your interest in CYFIRMA. If you would like to learn more and download our material, please fill out the form here.
When the CYFIRMA research team began its work on tracking APT41, it became apparent that there is a rich history to be learned as part of any attempt to understand this APT. This history allowed us to trace the lineage of the ShadowPad modular malware kit back to the early 2000s while finding its likely exclusive use in the current day by the reformed Chinese military. This paper focus on tracking its early history, connections, and legacies to provide useful CTI context to current-day TTPs and campaigns.
