A group of Chinese state-backed hackers is also launching financially motivated attacks for personal gain in what cybersecurity researchers call a โremarkableโ deviation from a singular focus on espionage.
Why it matters: The group, dubbed Advanced Persistent Threat 41 (APT41), is known for having targeted the healthcare, high-tech, and telecommunications sectors in 14 countries ranging from the US to Turkey and South Africa.
- The group is unique among Chinaโs state-backed hackers for its use of tools typically reserved for espionage operations in missions that fall outside state control.
โAPT41 carries out an array of financially motivated intrusions, particularly against the video game industry, including stealing source code and digital certificates, virtual currency manipulation, and attempting to deploy ransomware.โ
โCybersecurity researchers wrote in their report
Details: The researchers from cybersecurity firm FireEye said the groupโs skills gained from cybercrime activities have ultimately supported its state-sponsored operations.
- Some of APT41โs financially focused operations informed techniques later used for supply chain compromises, the researchers said.
- Meanwhile, targeting the video game industry enabled the group to develop tools and techniques that were used to infiltrate software companies to inject malware into the source code of software updates.
- FireEye said that the majority of APT41โs cybercrime operations were performed after hours, circumstantial evidence of the extracurricular nature of these activities.
- During regular working hours, the group ran operations consistent with Chinaโs national strategies, targeting chip makers and companies developing components used in autonomous vehicles, medical imaging, and the consumer market.
- Two people linked to APT41โs operations using the monikers โZhang Xuguangโ and โWolfzhiโ have previously advertised their services, indicating their availability as contractors.
- The group uses a total of 150 individual pieces of malware, FireEye said.
Context: APT41 is just one Chinese Advanced Persistent Threat group that FireEye tracks. Others include APT40, APT30, and APT19.
- These groups generally have specific areas of focus. For example, APT40 typically targets countries important to the Belt and Road Initiative, Chinaโs contentious global development strategy.
- Meanwhile, APT19 focuses on infiltrating the legal and investment sectors.
- Chinese state actors have been accused of targeting foreign firms to accelerate the countryโs progress via intellectual property theft.
