Hackers backed by the Chinese government are targeting cryptocurrency exchanges and video game companies.
According to a report by cybersecurity company FireEye, the Chinese state cyber unit APT41 “targets industries in a manner generally aligned with China’s Five-Year economic development plans.” The company’s research team claims that “the group is also deployed to gather intelligence ahead of imminent events, such as mergers and acquisitions and political events.”
In addition to cryptocurrencies, the cyber unit targets companies from sectors such as high technology (semiconductors, batteries, and electric vehicles), software, video games, telecommunications, travel services, retail, media, education, healthcare, and pharmaceuticals.
The hackers targeted businesses in a variety of countries including France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the United Kingdom, the United States, and Hong Kong.
The research company further claims that in June 2018 APT41 also sent malicious emails to a blockchain gaming startup, and that in October of the same year the unit maliciously set up a version of XMRig, a Monero (XMR) mining tool.
A cryptocurrency exchange was targeted in June 2018 using an email address which was previously used by the group in an espionage operation against a Taiwanese newspaper.
Additionally, FireEye has noticed a similarity between the code used in APT41’s malware from May 2016, which attacked a U.S.-based game development studio, and the malware employed in supply chain compromises in 2017 and 2018.
According to the report, the hacking group also sent at least one ransomware email, but some of the attacks were not ordered by the Chinese government.
“Unlike other observed Chinese espionage operators, APT41 conducts explicit financially motivated activity, which has included the use of tools that are otherwise exclusively used in campaigns supporting state interests. The late-night to early morning activity of APT41’s financially motivated operations suggests that the group primarily conducts these activities outside of their normal day jobs,” the report reads.