Chinese state hackers are performing attacks against cryptocurrency and video game enterprises, cybersecurity company FireEye claims in a report published on Aug. 2.
Chinese government facilitating hacking operations
Per the report, Chinese state espionage cyber unit APT41 “targets industries in a manner generally aligned with China’s Five-Year economic development plans.” Still, FireEye researchers claim that “the group is also deployed to gather intelligence ahead of imminent events, such as mergers and acquisitions and political events.”
Industries targeted by the unit reportedly include healthcare, high technology (semiconductors, batteries, and electric vehicles), media, pharmaceuticals, retail, software, telecommunications, travel services, education, video games and cryptocurrencies.
The targeted countries include France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the United Kingdom, the United States and Hong Kong.
APT41 targeted a crypto exchange
FireEye claims that in June last year APT41 sent malicious emails to a blockchain gaming startup, and that in October 2018 the group maliciously deployed an instance of XMRig, a Monero (XMR) mining tool. An email address used in an espionage operation against a Taiwanese newspaper was reportedly later used to target a cryptocurrency exchange in June 2018.
Furthermore, FireEye claims to have found code overlaps between malware used by APT41 in its May 2016 targeting of a U.S.-based game development studio and the malware observed in supply chain compromises in 2017 and 2018.
The report also notes that the group deployed ransomware in at least one instance. Some of the attacks, though, were not commissioned by the Chinese state. The report says:
“Unlike other observed Chinese espionage operators, APT41 conducts explicit financially motivated activity, which has included the use of tools that are otherwise exclusively used in campaigns supporting state interests. The late-night to early morning activity of APT41’s financially motivated operations suggests that the group primarily conducts these activities outside of their normal day jobs.”
As Cointelegraph reported in June, the personal computers of employees at hacked Japanese crypto exchange Coincheck were allegedly found to be infected with a virus associated with a hacker group of Russian origin.