socradar.io 3/6/2026, 1:00:47 PM

APT41 China linked group blends espionage with crime via phishing

CyberSIXT Evidence Panel
Primary source: fbi.gov
Category: Threat Actor

SOCRadar's Dark Web Profile: APT41 describes the operation as a China-linked intrusion set that blends state-sponsored espionage with financially motivated cybercrime, a dual track that reporting has noted since it first documented the group's parallel espionage and monetisation activities. The group is described as a dual-purpose operator with exploit-driven access, long dwell times, and a broad toolset, tracked under aliases including Double Dragon, Wicked Panda, BARIUM, Winnti, Bronze Atlas, and Brass Typhoon.

Activity has been observed since at least 2007 (public profiles often cite activity since 2012), and reporting highlights that espionage and cybercrime have coexisted since at least 2014. Targets span U.S. state government networks and the global shipping, technology, media and entertainment, and automotive sectors, in countries including the United Kingdom, Italy, Spain, Taiwan, Thailand, and Turkey, among others, with recent emphasis on phishing aimed at the policy and diplomacy spheres.

U.S. government actions and indictments have been cited, with the 2020 actions described as linking individuals to APT41 operations. According to SOCRadar MCP, the profile maps to a wide set of MITRE ATT&CK techniques across Initial Access, Execution, Persistence, Credential Access, Discovery, Lateral Movement, Defence Evasion, Exfiltration, and Impact, illustrating rapid weaponisation of exploits, living-off-the-land tradecraft, and long-term persistence.


Article by CyberSIXT