APT41’s Reconnaissance Techniques and Toolkit: Nmap and What Else?
APT41 and other Chinese malicious cyber actors can choose from numerous reconnaissance tools developed in China and abroad, including those developed for legitimate defensive purposes.
In the previous report “i-SOON Toolkit: What is ‘TZ’?”, the Natto Team found that network reconnaissance is central to the work of China’s Public Security bureaus and of the information security companies that support them. Reconnaissance – gathering information on a target – is the first step a cyber threat actor takes in an operation, according to the so-called Cyber Kill Chain framework. It provides the threat actor with both non-technical information on the target, such as organizational details and information on personnel, and technical information about the network, hosts, applications, and users. Over the years, researchers have observed and studied the reconnaissance techniques and tools commonly used in targeted attacks. In this report, the Natto Team looks into the reconnaissance techniques and toolkit of APT41, a Chinese state-sponsored hacking group, and explores popular network reconnaissance too…