Fri, Aug 09, 2019 - Page 1 News List

Chinese state hackers also ‘seeking personal gain’

The Guardian

A group of state-sponsored hackers in China ran activities for personal gain at the same time as undertaking spying operations for Beijing in 14 nations, cybersecurity firm FireEye said yesterday.

The company said in a report that hacking group APT41 differs from other China-based groups tracked by security firms in that it used non-public malware typically reserved for espionage to make money through attacks on video game companies.

FireEye said that despite the group’s focus on financial gain, the espionage activity linked to it was more closely aligned with the behavior of state-sponsored actors.

APT41 had repeatedly gained access to game development environments, with a particular focus on in-game currency, FireEye said.

In one case, it generated tens of millions of US dollars in the game’s virtual currency, which was then credited to more than 1,000 accounts.

Some of the group’s attention to video game companies could be seen as a precursor to espionage activity, FireEye said.

In one case in 2014, it inserted malicious code into legitimate video game files to distribute malware. The group used similar methods to target supply-chain companies.

FireEye found an e-mail address used in spear-phishing attacks for a Taiwanese newspaper in 2016 and for a cryptocurrency exchange last year, suggesting e-mail reuse by APT41.

It also identified source code overlap in malware used in a 2016 attack on a US-based game development studio, and supply-chain compromises in 2017 and last year.

APT41 targets industries associated with China’s economic plans, and gathers intelligence for upcoming mergers and acquisitions or political events.

FireEye said that APT41 had targeted organizations in 14 nations over seven years — France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the UK and the US.

The sectors targeted were healthcare, tech, media, pharmaceuticals, retail, software companies, telecoms, travel services, education, video games and virtual currencies.

Some of the espionage-related activity included intruding on a retailer planning an unpublicized partnership with a Chinese company, targeting telecoms’ call records for data collection and sending spear-phishing e-mails to Hong Kong media organizations known for pro-democracy editorial content.

FireEye said that it assessed “with high confidence” that APT41 was attributable to Chinese working on behalf of the state, and APT41’s capabilities and targeting had widened over time, potentially putting more organizations at risk.

“APT41’s links to both underground marketplaces and state-sponsored activity may indicate the group enjoys protections that enables it to conduct its own for-profit activities, or authorities are willing to overlook them,” the report said.

“It is also possible that APT41 has simply evaded scrutiny from Chinese authorities,” it added. “Regardless, these operations underscore a blurred line between state power and crime that lies at the heart of threat ecosystems and is exemplified by APT41.”
