Chinese government hackers suspected of moonlighting for profit

  • Group called Advanced Persistent Threat 41 using tools typically reserved for espionage campaigns for personal gain, US cybersecurity firm FireEye says
  • While spying on global firms for Beijing, members also used ransomware against game companies and attacked cryptocurrency providers for personal profit

Findings announced at the Black Hat security conference in Las Vegas show how some of the world’s most advanced hackers increasingly pose a threat to consumers and companies. Photo: Reuters

One of the most effective teams of Chinese government-backed hackers is also conducting financially motivated side operations, cybersecurity researchers said on Wednesday.

The US firm FireEye said members of the group it called Advanced Persistent Threat 41 (APT41) penetrated and spied on global tech, communications and health care providers for the Chinese government while using ransomware against game companies and attacking cryptocurrency providers for personal profit.

The findings, announced at the Black Hat security conference in Las Vegas, show how some of the world’s most advanced hackers increasingly pose a threat to consumers and companies not traditionally targeted by state-backed espionage campaigns.

“APT41 is unique among the China-Nexus actors we track in that it uses tools typically reserved for espionage campaigns in what appears to be activity for personal gain,” said FireEye senior vice-president Sandra Joyce.

US firm FireEye says some Chinese government-backed hackers appear to be moonlighting for profit. Photo: Reuters

Officials in China did not immediately respond to a request for comment. Beijing has repeatedly denied Western accusations of conducting widespread cyber espionage.

FireEye said the APT41 group used some of the same tools as another group it has previously reported on, which FireEye calls APT17 and Russian security firm Kaspersky calls Winnti.
