FireEye announced that it has identified a new Chinese hacking group, which it has labeled Advanced Persistent Threat group 41, or APT41.
The cybersecurity company said that the threat group's activity spans 15 jurisdictions over the past seven years and has targeted several industries, including healthcare, telecommunications and news organizations. It has singled out the video game industry in particular, stealing source code and digital certificates, manipulating virtual currency, and attempting to deploy ransomware.
FireEye calls APT41 unique because “it leverages non-public malware typically reserved for espionage operations in what appears to be activity that falls outside the scope of state-sponsored missions.”
“APT41 is unique among the China-nexus actors we track in that it uses tools typically reserved for espionage campaigns in what appears to be activity for personal gain,” said Sandra Joyce, Senior Vice President of Global Threat Intelligence at FireEye. “They are as agile as they are skilled and well-resourced.”
FireEye has observed individual members of APT41 since 2012; they initially conducted financially motivated cyberattacks but have likely since expanded into state-sponsored activity. FireEye suggests that the financially motivated hacks and the state-sponsored activity have been conducted concurrently since 2014.
“Their aggressive and persistent operations for both espionage and cybercrime purposes distinguish APT41 from other adversaries and make them a major threat across multiple industries,” Joyce said.