According to a Fire Eye Threat Intelligence report, published on August 2, a Chinese espionage operator is attacking crypto firms during state-sponsored campaigns. The intelligence company “assesses with high confidence” that a hacking collective, known as APT41 (Advanced Persistent Threat 41) has moved on from financially motivated attacks of video game companies to working alongside the Chinese government.
This report by the anonymous intelligence company came into limelight by Cointelegraph. It was reported that the hacker group
“targets industries in a manner generally aligned with China’s Five-Year economic development plans.”
U.S firm Fire Eye said members of the group penetrated and spied on global tech, communications and healthcare providers for the Chinese government while using ransomware against game companies and attacking providers for personal profit.
The findings, announced at the Black Hat security conference in Las Vegas, show how some of the world’s most advanced hackers increasingly pose a threat to consumers and companies not traditionally targeted by state-backed espionage campaigns. In addition to targeted attacks of healthcare, telecoms, fintech, and film and media companies, evidence suggest APT41 has infiltrated and phished a number of firms operating in the crypto industry.
It is been reported that on June 2018, APT41 sent spear-phishing emails that prompted targets to join a crypto currency-denominated decentralized gaming platform to game studios. Again, in the same month, a crypto exchange was targeted by the same email address, reportedly operated by Tom Giardino.
Fire Eye Senior Vice-President Sandra Joyce commented, “APT41 is unique among the China-Nexus actors we track in that it uses tools typically reserved for espionage campaigns in what appears to be an activity for personal gain.” Fire Eye said that APT41 group used some of the same tools as another group it has previously reported on, call APT17 and Russian security from Kaspersky calls Winnti.
Current and former Western intelligence officials told Reuters Chinese hacking groups were known to pursue commercial crimes alongside their state-backed operations. , which sells cybersecurity software and services, sold one member of APT41 advertised as ‘a hacker for hire’ in 2009 and listed availability of hours outside the normal working day, circumstantial evidence of moonlighting.
In March, Kaspersky found the group hijacked Asus’ software update process to reach more than one million computers, again targeting a much smaller number of end-users. Asus, the following day said it had issued a fix for the attack, which affected “a small number of devices.”
“We have evidence that at least one telecom company may have been the intended target during the Asus compromise, which is consistent with APT41’s espionage targeting over the past two years,”
said FireEye spokesman Dan Wire.
But FireEye and Slovakia-based cybersecurity company ESET(commonly known as NOD32 Antivirus) said that the gaming compromises aligned with financial motives more than national espionage.
Furthermore, in at least one instance, the hacking group deployed malicious code that uploads a monero mining boot on a target’s computer, in what is developing into a common form of cyber extortion.