Chinese Government Hackers Suspected of Moonlighting for Profit

According to officials, Chinese hacking groups were known to pursue commercial crimes alongside their state-backed operations.

Chinese Government Hackers Suspected of Moonlighting for Profit

US firm FireEye has said the hackers group penetrated and spied on global companies

Highlights
  • The group called APT41 is found to use espionage campaign tools
  • The findings were announced at the Black Hat security conference
  • Some of the hacking tools were used previously used by APT17 group
Advertisement

One of the most effective teams of Chinese government-backed hackers is also conducting financially-motivated side operations, cybersecurity researchers said on Wednesday.

US firm FireEye said members of the group it called Advanced Persistent Threat 41 (APT41) penetrated and spied on global tech, communications and healthcare providers for the Chinese government while using ransomware against game companies and attacking cryptocurrency providers for personal profit.

The findings, announced at the Black Hat security conference in Las Vegas, show how some of the world's most advanced hackers increasingly pose a threat to consumers and companies not traditionally targeted by state-backed espionage campaigns.

“APT41 is unique among the China-Nexus actors we track in that it uses tools typically reserved for espionage campaigns in what appears to be activity for personal gain," said FireEye Senior Vice President Sandra Joyce.

Officials in China did not immediately respond to Reuters request for comment. Beijing has repeatedly denied Western accusations of conducting widespread cyber espionage.

FireEye said the APT 41 group used some of the same tools as another group it has previously reported on, which FireEye calls APT17 and Russian security firm Kaspersky calls Winnti.

Current and former Western intelligence officials told Reuters Chinese hacking groups were known to pursue commercial crimes alongside their state-backed operations.

FireEye, which sells cybersecurity software and services, said one member of APT41 advertised as a hacker for hire in 2009 and listed hours of availability outside of the normal workday, circumstantial evidence of moonlighting.

The group has used spear-phishing, or trick emails designed to elicit login information. But it has also deployed root kits, which are relatively rare and give hard-to-detect control over computers. In all, the group has used nearly 150 unique pieces of malware, FireEye said.

The most technically impressive feats included tainting millions of copies of a utility called CCleaner, now owned by security company Avast. Only a small number of specially selected, high-value computers were fully compromised, making detection of the hack more difficult.

Avast said at the it had worked with security researchers and law enforcement to stop the attack and that no damage was detected. The company did not have any immediate further comment on Wednesday.

In March, Kaspersky found the group hijacked Asus' software update process to reach more than 1 million computers, again targeting a much smaller number of end users. Asus said the next day it had issued a fix for the attack, which affected "a small number of devices."

"We have evidence that at least one telecom company may have been the intended target during the Asus compromise, which is consistent with APT41's espionage targeting over the past two years," said FireEye spokesman Dan Wire.

But FireEye and Slovakia-based cybersecurity company ESET said the gaming compromises aligned with financial motives more than national espionage. Among other things, the group won access to a game's production environment and generated tens of millions of dollars' worth of virtual currency, FireEye said.

© Thomson Reuters 2019

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Samsung Galaxy Note 10 Ditches Headphone Jack After Company’s Jabs at Jackless Rivals
AMD Lands Google, Twitter as Customers With EPYC Server Chip
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »