APT41: the China-based hacking operation that spans the world

BEIJING: US authorities have accused a global hacking collective known as APT41 of targeting company servers for ransom, compromising government networks and spying on Hong Kong activists.

The US Department of Justice indicted seven members of the group, including five Chinese nationals, on Wednesday (September 16).

Some experts say they are linked to the Chinese state, while others speculate that money was their only motive. What do we really know about APT41?

WHO ARE THEY?

Five members of the group were expert hackers and current or former employees of Chengdu 404 Network Technology, a company that claimed to offer legitimate “white hat” hacking services to detect vulnerabilities in customers’ computer networks.

But the firm’s work also included malicious attacks on non-client organizations, according to Justice Department documents.

Chengdu 404 says its partners include a Chinese government and university technology security adviser.

The other two accused hackers are Malaysian executives from SEA Gamer Mall, a Malaysia-based company that sells video game currency, power-ups and other game items.

WHAT ARE THEY ACCUSED OF?

The team allegedly hacked into the computers of hundreds of companies and organizations around the world, including healthcare companies, software developers and pharmaceutical and telecommunications providers.

The breaches were used to collect identities, hijack systems for ransom, and remotely use thousands of computers to mine cryptocurrencies like bitcoin.

One of the targets was a non-profit anti-poverty organization: the hackers seized one of its computers, held its contents hostage with encryption software, and demanded payment to unlock it.

The group is also suspected of compromising government networks in India and Vietnam.

Additionally, they are charged with attacking video game companies to steal game items to sell to gamers, according to Justice Department court documents.

HOW DID THEY WORK?

Their arsenal ranged from old-fashioned phishing emails to more sophisticated attacks on software development companies, tampering with their code so that it then gave them access to customers’ computers.

In a case documented by security company FireEye, APT41 sent emails containing malicious software to HR employees at a target company just three days after the company recovered from a previous attack by the group.

Wong Ong Hua and Ling Yang Ching, the two Malaysian businessmen, ordered their employees to create thousands of fake video game accounts to receive the virtual items stolen by APT41 before selling them, according to court documents.

IS THE CHINESE GOVERNMENT BEHIND THEM?

FireEye says the group’s targeting of industries including healthcare, telecommunications and media is “consistent with the priorities of Chinese national policy.”

APT41 collected information on pro-democracy figures in Hong Kong and a Buddhist monk from Tibet, two places where Beijing has faced political unrest.

One of the hackers, Jiang Lizhi, who operated under the alias “Blackfox”, had previously worked for a hacking group that did work for government agencies and boasted of having close connections with the Chinese Ministry of State Security.

But many of the group’s activities appear to be motivated by financial gain and self-interest, with one hacker joking in chat messages about mass-extorting wealthy victims, and the US allegations did not identify a solid official connection.

WHERE ARE THEY NOW?

The five Chinese hackers remain at large, but the two businessmen were arrested in Malaysia on Monday after a wide-ranging operation by the FBI and private companies, including Microsoft, to prevent the hackers from using their online accounts.

The United States is seeking their extradition.

None of the accused men are known to have lived in the United States, where some of their targets were located.

They chose targets outside of Malaysia and China because they believed law enforcement agencies would not be able to track them across borders, according to court documents.
