Published on September 16th, 2020
US charges five hackers part of Chinese state-sponsored group APT41
The US government has filed charges today against five Chinese nationals for hacking into more than 100 companies across the world as part of a state-sponsored hacking group known as APT41.
APT41’s operations were first revealed in a FireEye report published in August 2019. FireEye researchers said the group conducted both cyber-espionage for the Chinese regime and intrusions for personal financial gain.
According to court documents, past victims included the likes of software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.
US officials said the hackers stole proprietary source code, code-signing certificates, customer data, and valuable business information.
In cases where the victim did not have value from an intelligence-gathering perspective, APT41 deployed ransomware and installed malware that mined cryptocurrency for the group’s members. The victim of the ransomware attack was identified as “a non-profit organization dedicated to combating global poverty.”
Two hackers were charged in August 2019, following the FireEye report. These charges stemmed from allegedly hacking high technology and video gaming companies, and a United Kingdom citizen, the DOJ said.
- Zhang Haoran (张浩然), 35
- Tan Dailin (谭戴林), 35
Three more APT41 members were charged in a separate indictment filed last month, in August 2020. These three were charged with most of the APT41 intrusions. US officials said these three hackers were employees of Chengdu 404 Network Technology, a front company operated by PRC officials.
- Jiang Lizhi (蒋立志), 35
- Qian Chuan (钱川), 39
- Fu Qiang (付强), 37
All five APT41 hackers remain at large, and their names have been added to the FBI’s Cyber Most Wanted List.
In addition, two Malaysian businessmen were charged with conspiring with two of the APT41 hackers to profit from intrusions at video game companies. The two were arrested on Monday, September 14, by Malaysian authorities in the local city of Sitiawan.
The two have been identified as Wong Ong Hua, 46, and Ling Yang Ching, 32, owners of Sea Gamer Mall, a website that sold digital currency for various online games, currency that US officials believe was sometimes provided to the website illegally, following intrusions at various gaming companies.
The FBI, which spearheaded the investigation, also obtained a court warrant earlier this month and seized “hundreds of accounts, servers, domain names, and command-and-control (C2) ‘dead drop’ web pages” used by APT41 in past operations.
Developing story. Updates will follow