Nation-state | Apr 13, 2026

APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials

APT41 deploys undetected backdoor targeting AWS, Google, Azure, and Alibaba cloud credentials.

Summary

China-backed APT41 has been observed delivering a 'zero-detection' backdoor designed to harvest cloud credentials from major cloud providers including AWS, Google Cloud, Microsoft Azure, and Alibaba Cloud. The group is using typosquatting techniques to obscure command-and-control communications and evade detection. This campaign represents a significant threat to cloud infrastructure security across multiple vendors.
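Lookalike domains of the kind the report describes, ones that imitate the named cloud providers to disguise command-and-control traffic, can be surfaced from resolver query logs. The following is an added example, not code from the report or from any of the vendors it names: the provider watch-list, the log format and the log lines are constructed, and the registered-domain helper assumes no multi-part public suffixes.

```python
import re
# Registered domains of the providers named in the report (constructed
# watch-list; a real deployment would add its own tenant-specific endpoints).
CLOUD_DOMAINS = ("amazonaws.com", "googleapis.com", "azure.com", "aliyuncs.com")
# Constructed resolver query log: "<client> query: <fqdn> <record type>".
SAMPLE_LOG = """\
10.0.0.5 query: sts.amazonaws.com A
10.0.0.5 query: sts.amaz0naws.com A
10.0.0.7 query: login.microsoft-azure.com A
10.0.0.9 query: ecs.aliyunccs.com A
"""

def levenshtein(a: str, b: str) -> int:
    # Classic edit distance; labels are short, so the O(n*m) table is fine.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(fqdn: str) -> str:
    # Last two labels. Assumption: no multi-part public suffixes (e.g. co.uk).
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])

def classify(domain: str, max_dist: int = 2):
    """(reason, provider_domain) if `domain` resembles a provider domain, else None."""
    if domain in CLOUD_DOMAINS:  # exact match: legitimate provider traffic
        return None
    sld = domain.split(".")[0]
    for legit in CLOUD_DOMAINS:
        legit_sld = legit.split(".")[0]
        if 0 < levenshtein(sld, legit_sld) <= max_dist:
            return ("edit-distance", legit)   # e.g. amaz0naws vs amazonaws
        if legit_sld in sld:
            return ("embedded-brand", legit)  # e.g. microsoft-azure embeds azure
    return None

def find_lookalikes(log_text: str):
    """Return [(client, fqdn, reason, provider_domain)] for every suspicious query."""
    hits = []
    for line in log_text.splitlines():
        m = re.match(r"^(\S+) query: (\S+) \S+$", line.strip())
        if not m:
            continue
        client, fqdn = m.groups()
        if verdict := classify(registered_domain(fqdn)):
            hits.append((client, fqdn, *verdict))
    return hits
```

Both heuristics produce false positives on legitimate third-party names that embed a provider brand, so treat a hit as a triage lead to correlate with the querying host's cloud activity rather than a verdict.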

Indicators of Compromise

  • malware — APT41 zero-detection backdoor
  • mitre_attack — T1078 - Valid Accounts
  • mitre_attack — T1583.001 - Acquire Infrastructure: Domains

Entities

  • APT41 (threat_actor)
  • Amazon Web Services (vendor)
  • Google Cloud (vendor)
  • Microsoft Azure (vendor)
  • Alibaba Cloud (vendor)