A Chinese Antivirus Vendor (ANVISOFT) Is Tied to a Decade-Long Hacking Spree
Members of the hacking group “APT41” were charged by the U.S. Department of Justice for hacking more than 100 victims globally with one of its members running AV vendor Anvisoft.
We all naturally assume that our antivirus vendors are the good guys. But this news of members of APT41 being indicted, according to a news release from the U.S. DoJ, highlights that if you’re looking at using a vendor that is not one of the major established players, you might be playing with fire.
The attacks included “supply chain attacks” where legitimate software providers were compromised and their code modified to facilitate further intrusions against the software providers’ customers.
One of the members charged, Tan DaiLin, was the subject of a 2012 KrebsOnSecurity investigation about his ties to whitelisted AV vendor Anvisoft. Despite this being brought to light, DaiLin and his cohorts continued for 7 years until being initially charged in August of 2019 and then again in 2020.
The Department of Justice release makes no mention of specific involvement of the AV software, but given APT41’s use of supply chain attacks, it makes sense that they would put the same code into Anvisoft’s product to facilitate access to customer networks.
Here are your take-aways:
- Contact HAWK iSolutions Group for a free Security Assessment
- Do NOT use "free" antivirus solutions; free can cost a lot. Stick with known AV players.
- Same goes for point solutions from less-than-well-known vendors. APT41 compromised plenty of smaller software titles to gain their access. Look for reputable software.
- The bad guys are working tirelessly to gain access to and control over your network. Contact HAWK iSolutions Group to discuss a layered security strategy.
- "People" are your weakest security link. Contact HAWK iSolutions Group about on-going security training and testing.
HAWK iSolutions Group
email: contact.anvisoft@hawkisg.com
phone: (314)727-1174
