Five Chinese hackers working for state-sponsored hacker group APT41 have been charged in the U.S. for targeting a large number of companies and individuals in multiple countries as well as pro-democracy politicians and activists in Hong Kong.
Earlier this year, cyber security firm FireEye described the activities of APT41, stating that the hacker group’s activities against organisations and individuals had spiked since January and that the group had been carrying out “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”
FireEye said in a report that APT41 abused recently disclosed flaws in software developed by Cisco, Citrix and others to try to break into scores of companies’ networks in the United States, Canada, Britain, Mexico, Saudi Arabia, Singapore and more than a dozen other countries.
Earlier today, the U.S. Department of Justice announced that five Chinese hackers working for APT41 have been charged under various laws for being behind computer intrusions “affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organisations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.”
DOJ said the state-sponsored hackers facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information and also carried out ransomware and cryptojacking schemes. Two of the five hackers also conspired with two Malaysian businessmen to profit from computer intrusions targeting the video game industry in the United States and abroad.
Malaysian authorities arrested the two businessmen earlier this month in response to an extradition request from the United States. The request was made after the U.S. District Court for the District of Columbia issued arrest warrants for the two businessmen.
Following the court order, law enforcement authorities in the U.S. also seized hundreds of accounts, servers, domain names, and command-and-control (“C2”) “dead drop” web pages used by the Chinese hackers to hack into the servers of multiple companies in several countries. Microsoft also worked with law enforcement agencies to deny the hackers access to hacking infrastructure, tools, accounts, and command-and-control domain names.
Three of the five Chinese hackers, namely Jiang Lizhi, Qian Chuan, and Fu Qiang, were found to be associated with a Chinese company named Chengdu 404 Network Technology. According to DOJ, the hackers used sophisticated hacking techniques to gain and maintain access to the computer networks of over a hundred companies, organisations, and individuals in the United States and in Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam.
DOJ added that the three hackers also compromised government computer networks in India and Vietnam and targeted, but failed to compromise, government computer networks in the United Kingdom. They also targeted the network of a non-profit organisation dedicated to combating global poverty with ransomware attacks.
The other two Chinese hackers, namely Zhang Haoran and Tan Dailin, conspired with Malaysian nationals Wong Ong Hua and Ling Yang Ching to conduct computer intrusion attacks targeting the video game industry in the United States, France, Japan, Singapore, and South Korea. The four actors conducted their hacking activities behind the veil of a Malaysian company named Sea Gamer Mall which was founded by Wong.
“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyber attacks by these Chinese citizens. Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China,” said Deputy Attorney General Jeffrey A. Rosen.
“The scope and sophistication of the crimes in these unsealed indictments is unprecedented. Some of these criminal actors believed their association with the PRC provided them free license to hack and steal across the globe. This scheme also contained a new and troubling cyber-criminal component – the targeting and utilisation of gaming platforms to both defraud video game companies and launder illicit proceeds,” said Michael R. Sherwin, Acting U.S. Attorney for the District of Columbia.