A group of state-sponsored hackers in China ran activities for personal gain at the same time as undertaking spying operations for Beijing in 14 nations, cybersecurity firm FireEye said yesterday.
The company in a report said that hacking group APT41 is different from other China-based groups tracked by security firms in that it used non-public malware typically reserved for espionage to make money through attacks on video game companies.
FireEye said that despite the group’s focus on financial gain, the espionage activity linked to it was more closely aligned with the behavior of state-sponsored actors.
APT41 had repeatedly gained access to game development environments, with a particular focus on in-game currency, FireEye said.
In one case, it generated tens of millions of US dollars in the game’s virtual currency, which was then credited to more than 1,000 accounts.
Some of the group’s attention to video game companies could be seen as a precursor to espionage activity, FireEye said.
In one case in 2014, it inserted malicious code into legitimate video game files to distribute malware. The group used similar methods to target supply-chain companies.
FireEye found an e-mail address used in spear-phishing attacks on a Taiwanese newspaper in 2016 and on a cryptocurrency exchange last year, suggesting e-mail reuse by APT41.
It also identified source code overlap in malware used in a 2016 attack on a US-based game development studio, and supply-chain compromises in 2017 and last year.
APT41 targets industries associated with China’s economic plans, and gathers intelligence for upcoming mergers and acquisitions or political events.
FireEye said that APT41 had targeted organizations in 14 nations over seven years — France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the UK and the US.
The sectors targeted were healthcare, tech, media, pharmaceuticals, retail, software companies, telecoms, travel services, education, video games and virtual currencies.
Some of the espionage-related activity included intruding on a retailer planning an unpublicized partnership with a Chinese company, targeting telecoms’ call records for data collection and sending spear-phishing e-mails to Hong Kong media organizations known for pro-democracy editorial content.
FireEye said that it assessed “with high confidence” that APT41 was attributable to Chinese individuals working on behalf of the state, and that APT41’s capabilities and targeting had widened over time, potentially putting more organizations at risk.
“APT41’s links to both underground marketplaces and state-sponsored activity may indicate the group enjoys protections that enable it to conduct its own for-profit activities, or authorities are willing to overlook them,” the report said.
“It is also possible that APT41 has simply evaded scrutiny from Chinese authorities,” it added. “Regardless, these operations underscore a blurred line between state power and crime that lies at the heart of threat ecosystems and is exemplified by APT41.”