A group of state-sponsored hackers in China ran activities for personal gain at the same time as undertaking spying operations for Beijing in 14 nations, cybersecurity firm FireEye said yesterday.
In a report, the company said that hacking group APT41 differs from other China-based groups tracked by security firms in that it used non-public malware typically reserved for espionage to make money through attacks on video game companies.
FireEye said that despite the group’s focus on financial gain, the espionage activity linked to it was more closely aligned with the behavior of state-sponsored actors.
APT41 had repeatedly gained access to game development environments, with a particular focus on in-game currency, FireEye said.
In one case, it generated tens of millions of US dollars in the game’s virtual currency, which was then credited to more than 1,000 accounts.
Some of the group’s attention to video game companies could be seen as a precursor to espionage activity, FireEye said.
In one case in 2014, it inserted malicious code into legitimate video game files to distribute malware. The group used similar methods to target supply-chain companies.
FireEye found an e-mail address used in spear-phishing attacks on a Taiwanese newspaper in 2016 and on a cryptocurrency exchange last year, suggesting e-mail reuse by APT41.
It also identified source code overlap in malware used in a 2016 attack on a US-based game development studio, and supply-chain compromises in 2017 and last year.
APT41 targets industries associated with China’s economic plans, and gathers intelligence for upcoming mergers and acquisitions or political events.
FireEye said that APT41 had targeted organizations in 14 nations over seven years — France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the UK and the US.
The sectors targeted were healthcare, tech, media, pharmaceuticals, retail, software companies, telecoms, travel services, education, video games and virtual currencies.
Some of the espionage-related activity included intruding on a retailer planning an unpublicized partnership with a Chinese company, targeting telecoms’ call records for data collection and sending spear-phishing e-mails to Hong Kong media organizations known for pro-democracy editorial content.
FireEye said that it assessed “with high confidence” that APT41 was attributable to Chinese working on behalf of the state, and APT41’s capabilities and targeting had widened over time, potentially putting more organizations at risk.
“APT41’s links to both underground marketplaces and state-sponsored activity may indicate the group enjoys protections that enable it to conduct its own for-profit activities, or authorities are willing to overlook them,” the report said.
“It is also possible that APT41 has simply evaded scrutiny from Chinese authorities,” it added. “Regardless, these operations underscore a blurred line between state power and crime that lies at the heart of threat ecosystems and is exemplified by APT41.”