A group of state-sponsored hackers in China ran activities for personal gain at the same time as undertaking spying operations for Beijing in 14 nations, cybersecurity firm FireEye said yesterday.
The company said in a report that hacking group APT41 differs from other China-based groups tracked by security firms in that it used non-public malware typically reserved for espionage to make money through attacks on video game companies.
FireEye said that despite the group’s focus on financial gain, the espionage activity linked to it was more closely aligned with the behavior of state-sponsored actors.
APT41 had repeatedly gained access to game development environments, with a particular focus on in-game currency, FireEye said.
In one case, it generated tens of millions of US dollars in the game’s virtual currency, which was then credited to more than 1,000 accounts.
Some of the group’s attention to video game companies could be seen as a precursor to espionage activity, FireEye said.
In one case in 2014, it inserted malicious code into legitimate video game files to distribute malware. The group used similar methods to target supply-chain companies.
FireEye found an e-mail address used in spear-phishing attacks against a Taiwanese newspaper in 2016 and against a cryptocurrency exchange last year, suggesting e-mail reuse by APT41.
It also identified source code overlap in malware used in a 2016 attack on a US-based game development studio, and supply-chain compromises in 2017 and last year.
APT41 targets industries associated with China’s economic plans, and gathers intelligence for upcoming mergers and acquisitions or political events.
FireEye said that APT41 had targeted organizations in 14 nations over seven years — France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the UK and the US.
The sectors targeted were healthcare, tech, media, pharmaceuticals, retail, software companies, telecoms, travel services, education, video games and virtual currencies.
Some of the espionage-related activity included intruding on a retailer planning an unpublicized partnership with a Chinese company, targeting telecoms’ call records for data collection and sending spear-phishing e-mails to Hong Kong media organizations known for pro-democracy editorial content.
FireEye said that it assessed “with high confidence” that APT41 was attributable to Chinese individuals working on behalf of the state, and that APT41’s capabilities and targeting had widened over time, potentially putting more organizations at risk.
“APT41’s links to both underground marketplaces and state-sponsored activity may indicate the group enjoys protections that enable it to conduct its own for-profit activities, or authorities are willing to overlook them,” the report said.
“It is also possible that APT41 has simply evaded scrutiny from Chinese authorities,” it added. “Regardless, these operations underscore a blurred line between state power and crime that lies at the heart of threat ecosystems and is exemplified by APT41.”