A41APT (aka Stone Panda or Cicada) is behind a new slew of attacks undertaken by APT10 using previously undocumented malware. The long-running intelligence-gathering operation first came onto the scene in March 2019, with activity spotted as recently as November 2020. The infection chain is a multi-stage attack process: the initial intrusion happens through abuse of SSL-VPN, either by exploiting unpatched vulnerabilities or by using stolen credentials. Its main stealth features are fileless implants, obfuscation, anti-VM, and removal of activity tracks.
Source: https://thehackernews.com/2021/03/hackers-are-implanting-multiple.html

