
ThreatFabric Uncovers Cyber Espionage Linked to State-Backed Group Misusing Mobile Payment Systems

02 October 2023


ThreatFabric, a leading security company, has revealed new and sophisticated methods used by the Mobile Advanced Persistent Threat (mAPT) LightSpy. This threat was previously attributed to the state-sponsored group APT41. LightSpy targets payment systems from WeChat, allowing attackers to access payment data, monitor private communications, and perform other malicious activities. The potential impact of this campaign is huge, as millions of people in the APAC region use these payment apps. APT41 has a history of attacking the US, Australia, Pakistan, Chile, and other countries in South and Central Asia.

Han Sahin, ThreatFabric CEO, said: “Mobile devices have been on the radar of APTs for a long time. The new techniques that LightSpy has developed show that they are investing heavily in their mobile capabilities.”

This is one of the rare cases of a Mobile Advanced Persistent Threat (mAPT) being researched in depth. ThreatFabric researchers have published a detailed report on the incident, which provides valuable insights into the tactics, techniques, and procedures (TTPs) implemented in mAPT LightSpy, attributed to APT41.

Han Sahin added: “As a security company, we are amazed by the level of sophistication and innovation that this mAPT demonstrates. If other hacker groups adopt the same techniques, the consequences could be disastrous. That is why we share this intelligence with the wider community.”



About ThreatFabric 

Founded in 2015 and headquartered in Amsterdam, ThreatFabric is a fast-growing fraud company and one of Europe’s thought leaders in online fraud detection and intelligence. ThreatFabric’s Fraud Risk Suite enables safe & frictionless payment journeys by integrating industry-leading threat intelligence, behavioral analytics, advanced device fingerprinting, and 10,000+ adaptive fraud indicators.

