FireEye — a cybersecurity company — has come out to claim that Chinese state hackers are busy attacking cryptocurrency and video game enterprises.
Chinese government behind the hackings
In an Aug. 2 report, FireEye researchers stated that cyber unit APT41 (Chinese state espionage) “targets industries in a manner generally aligned with China’s Five-Year economic development plans. The group is also deployed to gather intelligence ahead of imminent events, such as mergers and acquisitions and political events.”
The unit targets industries, mostly technological ones, including high technology (semiconductors, electric vehicles, and batteries), media, software, telecommunications, video games, cryptocurrencies, travel services, education, pharmaceuticals, retail, and healthcare.
Some of the countries that have been caught in the hackers’ web include France, Italy, Japan, India, South Africa, Singapore, South Korea, Hong Kong, Myanmar, Thailand, Turkey, Switzerland, the Netherlands, the United Kingdom, and the United States.
Prominent APT41 targets
FireEye claims that APT41 sent malicious emails to a particular blockchain gaming startup in June 2018 and, in October last year, deployed XMRig, a Monero (XMR) mining tool. Before the email address was used in the June 2018 malicious attack, it was utilized to carry out an espionage operation on a Taiwanese newspaper.
FireEye also observed code overlap between the APT41 malware that targeted a U.S.-based game development studio and malware used in supply-chain compromises in 2017 and 2018.
Not all of the group’s attacks were commissioned by the Chinese state; on one occasion the group deployed ransomware.
The report stated:
“Unlike other observed Chinese espionage operators, APT41 conducts explicit financially motivated activity, which has included the use of tools that are otherwise exclusively used in campaigns supporting state interests. The late-night to early morning activity of APT41’s financially motivated operations suggests that the group primarily conducts these activities outside of their normal day jobs.”
In June, a virus linked to a Russian hacker group was allegedly found on the personal computers of employees of Coincheck, the Japanese crypto exchange that was hacked.