Chinese state-sponsored hackers are attacking an array of companies, including crypto firms, according to a report by cybersecurity firm FireEye.
The attacks are being carried out by a hacking collective called APT41, which previously breached video game companies for financial gain but is now working alongside the Chinese government.
The report detailed that the hackers are targeting a wide array of industries, including healthcare, high technology (semiconductors, batteries, and electric vehicles), media, pharmaceuticals, retail, software, telecommunications, travel services, education, video games, and cryptocurrencies.
Motives beyond extortion
Per the cybersecurity company, the hacker group “targets industries in a manner generally aligned with China’s Five-Year economic development plans.”
In addition, the group is also working “to gather intelligence ahead of imminent events, such as mergers and acquisitions and political events.”
FireEye also said it has evidence that APT41 targeted a decentralized gaming company in June 2018 by sending malicious phishing emails. Moreover, in at least one instance last year, it deployed XMRig, a Monero mining tool, on victims' computers.
The group is also targeting companies across the globe, including in countries like France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the United Kingdom, the United States, and Hong Kong.
The cybersecurity company also found code overlaps between the malware used by the group to target a US-based gaming development studio in 2016 and the malicious programs used to target supply chain companies in the following two years.
“Unlike other observed Chinese espionage operators, APT41 conducts explicit financially motivated activity, which has included the use of tools that are otherwise exclusively used in campaigns supporting state interests,” FireEye’s report stated.
“The late-night to early morning activity of APT41’s financially motivated operations suggests that the group primarily conducts these activities outside of their normal day jobs.”
Meanwhile, a confidential United Nations report revealed that North Korean government-sponsored hackers have extorted $2 billion in crypto and fiat currencies to fund the country’s weapons program.