At Black Hat, security company FireEye presented information on the spying and other activities of a newly identified APT group.
APT 41 is the name of a recently discovered group of cybercriminals that security firm FireEye reported on at this year’s Black Hat. For more than seven years, the group has been active in 15 countries, specializing in industries such as healthcare, high tech, telecommunications, academia and education, the gaming and travel industries, and news companies. APT stands for “Advanced Persistent Threat” and refers to complex, targeted attacks.
FireEye has been watching individual members of this group for years. They initially conducted financially motivated operations and later moved on to likely state-sponsored activities. From 2014, the two motivations balanced each other. According to FireEye, this dual threat is “unique among the Chinese players we observe, and the group apparently uses personal tools that are typically used for spy campaigns, are very agile, highly skilled, and well-endowed.”
High-tech knowledge for the state, ransomware for your own wallet
To date, APT 41 has apparently targeted companies from France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the United Kingdom, the United States and Hong Kong. According to FireEye, the espionage activities target the healthcare, high tech, and telecommunications industries with the intent to gain strategic insights and steal intellectual property. The group's other cybercriminal operations focus on the video game industry, manipulating virtual currencies, and distributing ransomware.
Their “aggressive and persistent operations for both espionage and cybercrime differentiate APT41 from other players and make it a major threat to various industries,” said Sandra Joyce, Global Threat Intelligence Officer at FireEye.
FireEye’s security experts have also created profiles of 10 states involved in such machinations and identified 40 affected industries.