Chinese Government Hackers Launch Attack on Chinese Crypto Companies

By Rishma Banerjee

Chinese hackers, this time backed by their own Government have attacked Cryptocurrency and video game companies yet again.

The attacking unit in question this time around is the Chinese state cyber unit ATP41, which specifically “targets industries in a manner generally aligned with China’s Five-Year economic development plans.”

According to a report made by cybersecurity firm FireEye, the group also specialises in intelligence gathering before important corporate events like mergers, acquisitions and political events.

In addition to cryptocurrencies, the cyber unit targets companies from sectors such as high technology (semiconductors, batteries, and electric vehicles), software, video games, telecommunications, travel services, retail, media, education, healthcare, and pharmaceuticals.

According to multiple reports, the hackers have already targeted countries including Turkey, India, France, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, the United Kingdom, the United States, and Hong Kong.

The Chinese cyber unit has built up quite a bad reputation with its activities throughout last year. In June 2018 APT41 sent malicious emails to a blockchain gaming startup, affecting their performance; and in October of the same year, they also managed to set up a fake version of XMRig, a Monero (XMR) mining software.

A cryptocurrency exchange was targeted in June 2018 using an email address which was previously used by the group in an espionage operation against a Taiwanese newspaper.
Additionally, FireEye has noticed a similarity between the code used in APT41’s malware from May 2016 which attacked U.S.-based game development studio and the malware employed in supply chain compromises in 2017 and 2018.
According to the report, the hacking group also sent at least one ransomware email, but some of the attacks were not ordered by the Chinese government.
The report by FireEye also said the following about the government-backed hacker group:

“Unlike other observed Chinese espionage operators, APT41 conducts explicit financially motivated activity, which has included the use of tools that are otherwise exclusively used in campaigns supporting state interests. The late-night to early morning activity of APT41’s financially motivated operations suggests that the group primarily conducts these activities outside of their normal day jobs.”