
Chinese state hackers turn to personal gain

Written by Peter Walker
08/08/19

FireEye has identified a group of Chinese state hackers that is also carrying out financially motivated operations on the side.

The intelligence-led security company has released details of the newly-named Advanced Persistent Threat group – APT41.

“APT41 is unique among the China-nexus actors we track in that it uses tools typically reserved for espionage campaigns in what appears to be activity for personal gain – they are as agile as they are skilled and well-resourced,” said Sandra Joyce, senior vice president of global threat intelligence at FireEye.

“Their aggressive and persistent operations for both espionage and cyber crime purposes distinguish APT41 from other adversaries and make them a major threat across multiple industries.”

The group’s activity spans across 15 jurisdictions and more than seven years, targeting industries such as technology, healthcare, telecommunications, higher education, video gaming, travel and even news organisations.

FireEye has observed individual members of APT41 conducting primarily financially motivated operations since 2012 before expanding into likely state-sponsored activity. Evidence suggests that these two motivations were balanced concurrently from 2014 onward.

To date, organisations have been targeted in the following locations: the United Kingdom, United States, France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey and Hong Kong.

Tactics are shared between the espionage and the financially motivated operations.

Espionage campaigns have targeted medical devices and diagnostics, high-tech and telecommunications, with the purpose of collecting strategic intelligence or, as seen in the past, stealing intellectual property.

Financially motivated cyber crime intrusions are most apparent in the video game industry, including the manipulation of virtual currencies and attempts to deploy ransomware.