According to the cybersecurity firm FireEye, a group of state-sponsored hackers in China carried out cyber spying activities for the Chinese government in 14 different countries while also hacking for personal gain.
The group, called APT41, adopted a different approach to its hacking activities compared with the other Chinese hacking groups that the company tracks, according to the cybersecurity company. The company said in its report that the group used non-public malware, which is mostly used exclusively by spying agencies, in its cyber attacks on video game companies to make money.
Even though the hacking group’s activities were aimed at financial gain, the kind of espionage activity it undertook was more similar to the behavior exhibited by state-sponsored hackers, FireEye said.
FireEye said that APT41, which has been operating in this sphere since at least 2012, repeatedly gained access to game development environments. The company said that the primary focus of the cyber attacks was in-game currency.
In one of the hacking incidents, the group created tens of millions of dollars in a game’s virtual currency, and the money was later transferred to over 1,000 accounts.
According to FireEye experts, some of the group’s focus on video game companies can be considered a prelude to cyber spying activities. The company said that in one case, in 2014, the hackers distributed malware by inserting malicious code into legitimate video game files. The group similarly targeted companies in the supply chain of the gaming companies.
APT41 targets industries that are related to China’s economic plans. Its activities are also aimed at gathering information about upcoming mergers and acquisitions, or political events.
Organizations in 14 different countries were targeted by APT41, FireEye said. This was done over a period of seven years and included France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the UK and the United States. Healthcare, high tech, media, pharmaceuticals, retail, software companies, telecoms, travel services, education, video games and virtual currencies were the sectors that the group had targeted.
APT41 had been assessed “with high confidence” to be affiliated with Chinese nationals working on behalf of the Chinese state, FireEye said. Over time, the capabilities and targeting of the group had widened, the company said, which has put many organizations at potential risk.
“APT41’s links to both underground marketplaces and state-sponsored activity may indicate the group enjoys protections that enables it to conduct its own for-profit activities, or authorities are willing to overlook them,” the report said.
“It is also possible that APT41 has simply evaded scrutiny from Chinese authorities. Regardless, these operations underscore a blurred line between state power and crime that lies at the heart of threat ecosystems and is exemplified by APT41.”
(Adapted from TheGuardian.com)