US charges five hackers part of Chinese state-sponsored group APT41


(Image: file photo)

The US government has filed charges today five Chinese nationals for hacking into more than 100 companies across the world part of a state-sponsored hacking group known as APT41.

ATP41’s operations were first revealed in a FireEye report published in August 2019. FireEye researchers said the group conducted both cyber-espionage for the Chinese regime but also intrusions for personal financial gain.

According to court documents, past victims included the likes of software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

US officials said the hackers stole proprietary source code, code-signing certificates, customer data, and valuable business information.

In cases where the victim did not have a value from an intelligence-gathering perspective, APT41 deployed ransomware and installed malware that mined cryptocurrency for the group’s members. The victim of the ransomware attack was identified as “a non-profit organization dedicated to combating global poverty.”

Two hackers were charged in August 2019, following the FireEye report. These charges stemmed from allegedly hacking
high technology and video gaming companies, and a United Kingdom citizen, the DOJ said.

  • Zhang Haoran (张浩然), 35
  • Tan Dailin (谭戴林), 35

Three more APT41 members were charged in a separate indictment filed last month, in August 2020. These three were charged with most of the APT41 intrusions. US officials said these three hackers were employees of Chengdu 404 Network Technology, a front company operated by PRC officials.

  • Jiang Lizhi (蒋立志), 35
  • Qian Chuan (钱川), 39
  • Fu Qiang (付强), 37,

All five APT41 hackers remain at large, and their names have been added to the FBI’s Cyber Most Wanted List.

APT41 poster

Image: FBI/DOJ

In addition, two Malaysian businessmen were also charged for conspiring with two of the APT41 hackers to profit from intrusions at video game companies. The two were arrested on Monday, September 14, by Malaysian authorities in the Malaysian city of Sitiawan.

The two have been identified as Wong Ong Hua, 46, and Ling Yang Ching, 32, owners of Sea Gamer Mall, a website that sold digital currency for various online games — currency that US officials believe was sometimes provided by APT41 members illegally, following intrusions at gaming companies.

The FBI, which spearheaded the investigation, also obtained a court warrant earlier this month and seized “hundreds of accounts, servers, domain names, and command-and-control (C2) ‘dead drop’ web pages” used by APT41 in past operations.

The arrests today are part of a larger US crackdown against Chinese cyber-espionage and theft of intellectual property from US companies. US authorities previously charged three other Chinese hackers in November 2017 (believed to be part of Chinese hacker group APT3) and two other hackers in December 2018 (believed to be part of Chinese hacker group APT10).

Earlier this year, the FBI said it was investigating more than 1,000 cases of Chinese theft of US technology.

“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the Department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” said Assistant Attorney
General John C. Demers.

“Regrettably, the Chinese communist party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China,” added Deputy Attorney General Jeffrey A. Rosen.

Developing story. Updates will follow

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published.