Crypto-related companies in China are being targeted by an espionage operator during various government-backed campaigns, according to a recently published FireEye Threat Intelligence report.
The intelligence firm has determined with “high confidence” that a group of hackers known as APT41 is working cooperatively with the Chinese government. Previously, APT41 members had launched financially motivated attacks on video game development firms.
APT41 Hackers Are Targeting A Wide Range of Companies
The hacking collective has reportedly been targeting industries “in a manner generally aligned with China’s five-year economic development plans,” the report revealed. APT41 members have attacked healthcare, fintech, telecommunications, and film and media firms.
Recently, the hackers began infiltrating and phishing various crypto and blockchain companies. However, the scope of the hacking group’s attacks appears to be quite broad.
Industries previously targeted by APT41 include those dealing in high technology such as batteries, semiconductors, and electric vehicles. The state-sponsored hackers also attacked software, pharmaceuticals, travel, education, and retail companies.
Installing Malicious Monero Mining Bots
APT41 sent out spear-phishing emails in June to various targets, prompting them to join a crypto-related gaming website in order to game studios. A digital asset exchange run by an individual named Tom Giardino has also been targeted by the same email address.
The hackers have used malicious scripts that install Monero (XMR) mining bots on victims’ computers, in what has become a common type of cyberattack.
The report also revealed that the state espionage cyber unit APT41 has been “deployed to gather intelligence ahead of imminent events, such as mergers and acquisitions and political events.”
Countries targeted by the hackers include France, Hong Kong, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the UK, and the US.
Several Ransomware Attacks Launched
The report notes that APT41 members launched several ransomware attacks, some of which might not have been commissioned by the Chinese government. According to FireEye’s findings:
“Unlike other observed Chinese espionage operators, APT41 conducts explicit financially motivated activity, which has included the use of tools that are otherwise exclusively used in campaigns supporting state interests. The late-night to early morning activity of APT41’s financially motivated operations suggests that the group primarily conducts these activities outside of their normal day jobs.”