A group of state-sponsored hackers in China ran activities for personal gain at the same time as undertaking spying operations for Beijing in 14 nations, cybersecurity firm FireEye said yesterday.
The company in a report said that hacking group APT41 is different from other China-based groups tracked by security firms in that it used non-public malware typically reserved for espionage to make money through attacks on video game companies.
FireEye said that despite the group’s focus on financial gain, the espionage activity linked to it was more closely aligned with the behavior of state-sponsored actors.
APT41 had repeatedly gained access to game development environments, with a particular focus on in-game currency, FireEye said.
In one case, it generated tens of millions of US dollars in the game’s virtual currency, which was then credited to more than 1,000 accounts.
Some of the group’s attention to video game companies could be seen as a precursor to espionage activity, FireEye said.
In one case in 2014, it inserted malicious code into legitimate video game files to distribute malware. The group used similar methods to target supply-chain companies.
FireEye found an e-mail address used in spear-phishing attacks for a Taiwanese newspaper in 2016 and for a cryptocurrency exchange last year, suggesting e-mail reuse by APT41.
It also identified source code overlap in malware used in a 2016 attack on a US-based game development studio, and supply-chain compromises in 2017 and last year.
APT41 targets industries associated with China’s economic plans, and gathers intelligence for upcoming mergers and acquisitions or political events.
FireEye said that APT41 had targeted organizations in 14 nations over seven years — France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the UK and the US.
The sectors targeted were healthcare, tech, media, pharmaceuticals, retail, software companies, telecoms, travel services, education, video games and virtual currencies.
Some of the espionage-related activity included intruding on a retailer planning an unpublicized partnership with a Chinese company, targeting telecoms’ call records for data collection and sending spear-phishing e-mails to Hong Kong media organizations known for pro-democracy editorial content.
FireEye said that it assessed “with high confidence” that APT41 was attributable to Chinese working on behalf of the state, and APT41’s capabilities and targeting had widened over time, potentially putting more organizations at risk.
“APT41’s links to both underground marketplaces and state-sponsored activity may indicate the group enjoys protections that enables it to conduct its own for-profit activities, or authorities are willing to overlook them,” the report said.
“It is also possible that APT41 has simply evaded scrutiny from Chinese authorities,” it added. “Regardless, these operations underscore a blurred line between state power and crime that lies at the heart of threat ecosystems and is exemplified by APT41.”
CHIP WAR: The new restrictions are expected to cut off China’s access to Taiwan’s technologies, materials and equipment essential to building AI semiconductors Taiwan has blacklisted Huawei Technologies Co (華為) and Semiconductor Manufacturing International Corp (SMIC, 中芯), dealing another major blow to the two companies spearheading China’s efforts to develop cutting-edge artificial intelligence (AI) chip technologies. The Ministry of Economic Affairs’ International Trade Administration has included Huawei, SMIC and several of their subsidiaries in an update of its so-called strategic high-tech commodities entity list, the latest version on its Web site showed on Saturday. It did not publicly announce the change. Other entities on the list include organizations such as the Taliban and al-Qaeda, as well as companies in China, Iran and elsewhere. Local companies need
CRITICISM: It is generally accepted that the Straits Forum is a CCP ‘united front’ platform, and anyone attending should maintain Taiwan’s dignity, the council said The Mainland Affairs Council (MAC) yesterday said it deeply regrets that former president Ma Ying-jeou (馬英九) echoed the Chinese Communist Party’s (CCP) “one China” principle and “united front” tactics by telling the Straits Forum that Taiwanese yearn for both sides of the Taiwan Strait to move toward “peace” and “integration.” The 17th annual Straits Forum yesterday opened in Xiamen, China, and while the Chinese Nationalist Party’s (KMT) local government heads were absent for the first time in 17 years, Ma attended the forum as “former KMT chairperson” and met with Chinese People’s Political Consultative Conference Chairman Wang Huning (王滬寧). Wang
CROSS-STRAIT: The MAC said it barred the Chinese officials from attending an event, because they failed to provide guarantees that Taiwan would be treated with respect The Mainland Affairs Council (MAC) on Friday night defended its decision to bar Chinese officials and tourism representatives from attending a tourism event in Taipei next month, citing the unsafe conditions for Taiwanese in China. The Taipei International Summer Travel Expo, organized by the Taiwan Tourism Exchange Association, is to run from July 18 to 21. China’s Taiwan Affairs Office spokeswoman Zhu Fenglian (朱鳳蓮) on Friday said that representatives from China’s travel industry were excluded from the expo. The Democratic Progressive Party government is obstructing cross-strait tourism exchange in a vain attempt to ignore the mainstream support for peaceful development
ELITE UNIT: President William Lai yesterday praised the National Police Agency’s Special Operations Group after watching it go through assault training and hostage rescue drills The US Navy regularly conducts global war games to develop deterrence strategies against a potential Chinese invasion of Taiwan, aimed at making the nation “a very difficult target to take,” US Acting Chief of Naval Operations James Kilby said on Wednesday. Testifying before the US House of Representatives Armed Services Committee, Kilby said the navy has studied the issue extensively, including routine simulations at the Naval War College. The navy is focused on five key areas: long-range strike capabilities; countering China’s command, control, communications, computers, cyber, intelligence, surveillance, reconnaissance and targeting; terminal ship defense; contested logistics; and nontraditional maritime denial tactics, Kilby
RSS