According to a report by the cybersecurity firm FireEye, a hacking group tracked as APT41 is targeting a wide range of companies, including cryptocurrency firms.
The group was previously known for breaching video game companies as a form of cyber racketeering, but is now assessed to be backed and sponsored by the Chinese government. The companies targeted span many industries: healthcare, high technology (semiconductors, batteries, and electric vehicles), media, pharmaceuticals, retail, software, telecommunications, travel services, education, video games, and cryptocurrency.
According to the report, the hackers are believed to target “industries in a manner generally aligned with China’s Five-Year economic development plans” and are further tasked with gathering intelligence ahead of economically and politically significant events.
Among the methods the group uses are phishing emails and the deployment of Monero cryptocurrency-mining tools on victims' computers.
The targeted companies are spread across the globe and are headquartered in the United Kingdom, the United States, Italy, France, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Myanmar, India and Turkey.
FireEye also noted in the report that there appear to be code overlaps between the malware the group used in 2016 against a US-based game development studio and the malware used in attacks against supply-chain companies in the following years.
What sets APT41 apart from other Chinese espionage operators, according to the report, is its involvement in financially motivated activity, which has included the use of tools otherwise reserved for campaigns serving state interests.
The report further observes that the timing of this activity suggests the group by and large conducts its financially motivated operations outside of its normal day job.
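The inference above rests on time-of-day analysis: converting activity timestamps into the operators' presumed local time and checking how much of each kind of activity falls outside a normal working day. The following is an added illustration of that technique and is not code from the article or from FireEye. The event timestamps and their "espionage"/"financial" labels are constructed for the example, and the UTC+8 offset and 09:00–18:00 Monday-to-Friday working day are assumptions, not findings from the report.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample events: (UTC timestamp, activity label).
# The labels and times are invented for this example; they are not
# observations from the FireEye report.
EVENTS = [
    ("2019-03-04T02:15:00Z", "espionage"),  # Mon 10:15 UTC+8
    ("2019-03-04T06:40:00Z", "espionage"),  # Mon 14:40 UTC+8
    ("2019-03-05T03:20:00Z", "espionage"),  # Tue 11:20 UTC+8
    ("2019-03-06T01:30:00Z", "espionage"),  # Wed 09:30 UTC+8
    ("2019-03-05T14:05:00Z", "financial"),  # Tue 22:05 UTC+8 (evening)
    ("2019-03-06T16:10:00Z", "financial"),  # Thu 00:10 UTC+8 (night)
    ("2019-03-09T05:00:00Z", "financial"),  # Sat 13:00 UTC+8 (weekend)
    ("2019-03-10T13:45:00Z", "financial"),  # Sun 21:45 UTC+8 (weekend)
    ("2019-03-07T04:00:00Z", "financial"),  # Thu 12:00 UTC+8 (business hours)
]

# Assumed operator timezone and working day; both are hypotheses the
# analyst supplies, not facts derived from the data.
ASSUMED_UTC_OFFSET_HOURS = 8
WORK_START, WORK_END = 9, 18  # local hours, half-open [9, 18)


def to_local(ts_utc: str, offset_hours: int) -> datetime:
    """Parse an ISO-8601 'Z' timestamp and shift it to a fixed UTC offset."""
    dt = datetime.strptime(ts_utc, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone(timedelta(hours=offset_hours)))


def classify(ts_utc: str, offset_hours: int,
             work_start: int = WORK_START, work_end: int = WORK_END) -> str:
    """Bucket one event as business_hours, off_hours or weekend in local time."""
    local = to_local(ts_utc, offset_hours)
    if local.weekday() >= 5:          # Saturday == 5, Sunday == 6
        return "weekend"
    if work_start <= local.hour < work_end:
        return "business_hours"
    return "off_hours"


def summarize_by_label(events, offset_hours: int) -> dict:
    """For each activity label, count buckets and compute the share of
    events that fall outside the assumed working day (off_hours + weekend).
    Also returns a per-hour histogram so the analyst can eyeball the cluster."""
    by_label = {}
    for ts, label in events:
        entry = by_label.setdefault(label, {"counts": Counter(), "hours": Counter()})
        entry["counts"][classify(ts, offset_hours)] += 1
        entry["hours"][to_local(ts, offset_hours).hour] += 1
    result = {}
    for label, entry in by_label.items():
        total = sum(entry["counts"].values())
        outside = entry["counts"]["off_hours"] + entry["counts"]["weekend"]
        result[label] = {
            "counts": dict(entry["counts"]),
            "off_hours_share": outside / total,
            "hour_histogram": dict(sorted(entry["hours"].items())),
        }
    return result


if __name__ == "__main__":
    for label, stats in summarize_by_label(EVENTS, ASSUMED_UTC_OFFSET_HOURS).items():
        print(f"{label:10s} counts={stats['counts']} "
              f"off_hours_share={stats['off_hours_share']:.2f} "
              f"hours={stats['hour_histogram']}")
```

On the constructed data the espionage events all land in the working day (off-hours share 0.0) while the financial events mostly fall in evenings and weekends (off-hours share 0.8), which is the pattern the report's reasoning describes. Two caveats for real investigations: the result only means something if the timezone hypothesis is right (re-run the summary across several candidate offsets and look for the one that produces the cleanest working-day cluster), and timestamps taken from compromised hosts or from compile headers can be skewed or deliberately falsified, so use several independent time sources before drawing conclusions.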