Here’s something interesting. FireEye, a California-based cybersecurity company, says with “high confidence” that Chinese government hackers have been attacking crypto firms (PDF).
The hackers, called APT41, have been active since 2012 and initially targeted video game companies for financial gain. FireEye, however, claims that the group has since expanded to state-sponsored activity alongside its own financially motivated operations.
As with other state-backed operators, APT41 reportedly “targets industries in a manner generally aligned with China’s Five-Year economic development plans.” The unit has been observed attacking several verticals, including semiconductor companies, advanced computer hardware firms, electronic vehicle makers, and software developers, with the last group being “compromised in supply chain operations potentially affecting large numbers of victims.”
The group has also targeted cryptocurrencies, including at least one case in which there was a connection between cryptocurrency and an online video gaming platform.
- In June 2018, APT41 sent spear-phishing emails using an invitation lure to join a decentralized gaming platform linked to a cryptocurrency service (Figure 5) that had positioned itself as a medium of exchange for online games and gambling sites. The malicious emails were sent from an email address listed with the name Tom Giardino, which is likely a reference to an employee at Valve, an American video game developer responsible for the software distribution platform Steam and various video games. The body of the email (Figure 6) also mentions gaming offerings. This provides another connection between the targeting of the cryptocurrency organizations and video game targeting.
- In October 2018, the group compiled an instance of XMRig, a Monero cryptocurrency mining tool, demonstrating a continued interest in cryptocurrency.
In-game virtual currencies have also been targeted by APT41. In one case, the group generated “tens of millions of dollars” of a popular game’s virtual currency, credited the money to 1,000 accounts, and then likely “sold and laundered” them in underground markets. FireEye speculates that the group resorted to extortion in one instance after it couldn’t monetize a game’s virtual currency.
APT41, according to FireEye, has targeted organizations in over a dozen countries, including France, India, Japan, Hong Kong, and the United States.
Photo: iStock