In addition to conducting cyber-espionage, factions of large, state-sponsored hacking groups appear to be carrying out financially motivated cyber-attacks. These cybercrimes target quite a few specific segments, but the most affected is the ever-growing online video game industry. According to researchers, the individuals involved are reportedly part of a larger, prolific state-sponsored Chinese cyber-espionage operation and may be deploying its toolset and skillset to make some profit along the way. Cybercrime with monetary gain as the primary aim is increasing steadily as gamers shift more of their gaming to the cloud and remote servers.
Researchers at FireEye have put together a comprehensive report on APT41, a prolific Chinese cyber threat group that carries out state-sponsored espionage activity. The group is strongly believed to be sponsored or supported by the Chinese administration. Researchers claim the APT41 group has been conducting persistent attacks on companies that harbor trade secrets. However, alongside conducting cyber espionage missions, the group’s members are also executing financially motivated operations. The researchers noted that some of the members were using malware that was generally reserved for espionage campaigns.
Chinese Cyber-Espionage Group APT41 Also Conducts Financially Motivated Cyber-Attacks
State-sponsored hacking groups and other persistent threat actors are not commonly involved in financially motivated operations. These groups make use of highly effective zero-day exploits to deliver malware or download multiple payloads onto the secured servers of international businesses. Such exploits are usually quite expensive on the dark web, and hackers rarely procure them from exploit brokers merely to steal digital currency.
However, the APT41 group appears to have been engaging in digital theft in addition to conducting cyber espionage. The digital heists appear to be conducted purely for personal gain. Moreover, the members appear to be using malware and other malicious software that wasn’t designed to target general Internet users. Simply put, the hackers are using non-public malware typically reserved for espionage campaigns. The exhaustive report by FireEye covers “historical and ongoing activity attributed to APT41, the evolution of the group’s Tactics, Techniques, And Procedures (TTPs), information on the individual actors, an overview of their malware toolset, and how these identifiers overlap with other known Chinese espionage operators.”
Today we're releasing a report on #APT41, a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in parallel w/ financially motivated ops.
— FireEye (@FireEye) August 7, 2019
Traditionally, hackers going after digital vaults to steal money have targeted about 15 major industry segments. Among these, the most lucrative are digital healthcare, patents and other high-tech, telecommunications, and even higher education. However, the exploding online video game industry is now an attractive target as well. In fact, the report indicates that the APT41 group’s members may have started targeting the gaming industry after 2014. The group’s primary mission, however, remains cyber espionage. They are apparently helping China accelerate its ‘Made in China 2025’ mission. In other words, quite a few of the persistent threat groups that seem to originate from China are generally working towards China’s Five-Year economic development plans. Simply put, they seem to be aiding the country’s ambitions. China has made it amply clear that it wants its highly industrialized national workforce and companies to start producing higher-value products and services.
How Does The APT41 Group Attack The Online Video Game Industry?
The APT41 group seems particularly interested in going after companies in the higher education, travel services, and news/media segments. The group also seems to track high-profile individuals and attempts to tap into their communications. In the past, the group attempted to gain unauthorized access to a hotel’s reservation systems in an apparent attempt to secure the facility.
However, in addition to the aforementioned state-sponsored activities, some of the APT41 group’s members are going after the video game industry for personal financial gain. The hackers are after virtual currencies, and after observing other similar groups, APT41 has also attempted to deploy ransomware.
Special shout out to @MrDanPerez and the rest of our Adversary Pursuit team for their years of work on #APT41. Many of the malware names listed below were coined by our team – and comprehensively reversed by @williballenthin and other members of #FLARE https://t.co/jvlg1VMQQm
— BarryV (@BarryV) August 7, 2019
Surprisingly, the group attempts to gain access to backend game production environments. It then steals source code as well as digital certificates, which are subsequently used to sign malware. APT41 is known to use its access to production environments to inject malicious code into legitimate files. Unsuspecting victims, including other organizations, then download these tainted files through seemingly legitimate channels. Because the files carry valid signatures made with the stolen certificates, the applications install successfully.
What’s even more concerning is that the group can reportedly move undetected within targeted networks, including pivoting between Windows and Linux systems. Moreover, APT41 limits the deployment of follow-on malware to specific victim systems by matching against individual system identifiers. Simply put, the group goes after select users, possibly those holding large amounts of digital currency. APT41 is believed to have 46 different types of malware in its arsenal, including backdoors, credential stealers, keyloggers, and multiple rootkits.