This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
Security Magazine logo
  • MAGAZINE
    • eMagazine
    • This Month's Issue
    • Archives
  • NEWS
    • Security Newswire
    • COVID-19
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • COLUMNS
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • PHYSICAL
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • CYBER
  • SECTORS
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • EXCLUSIVES
    • The Security Benchmark Report survey
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MORE
    • Videos
      • Cybersecurity & Geopolitical Vodcast
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
    • Call for Entries
  • CONTACT
    • Advertise
    • Editorial Guidelines
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Home » US charges 5 Chinese “Apt41” actors for hacking into more than 100 companies
TechnologiesManagementCyberSecurity NewswireCyber Security News

US charges 5 Chinese “Apt41” actors for hacking into more than 100 companies

cyber data
September 17, 2020
KEYWORDS Chinese hackers / cyber security / hacking / information security / national security / risk management
Order Reprints
U.S. federal agencies revealed criminal charges against five computer hackers, all of whom were residents and nationals of the People’s Republic of China (PRC). All were charged of computer intrusions affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.
 
The intrusions, which security researchers have tracked using the threat labels “APT41,” “Barium,” “Winnti,” “Wicked Panda,” and “Wicked Spider,” facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information, says the Department of Justice (DOJ).  These intrusions also facilitated the defendants’ other criminal schemes, including ransomware and “crypto-jacking” schemes, the latter of which refers to the group’s unauthorized use of victim computers to “mine” cryptocurrency. 

In August 2020, the same federal grand jury returned a third indictment charging two Malaysian businessmen who conspired with two of the Chinese hackers to profit from computer intrusions targeting the video game industry in the United States and abroad. 

“These indictments indicate how malicious actors are diversifying their tactics to attain a broader range of outcomes. In particular, breaching gaming companies to steal in-game items and currency for real-world profit rather than stealing corporate data means security teams must be sure their efforts are well-distributed across both internal and external systems," says Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile phishing solutions.  "The attackers were able to gain access to internal networks and likely moved laterally across the infrastructure to identify the most profitable items. Unauthorized access to the infrastructure often starts with a phishing attack. Threat actors will target particular employees and phish their credentials in order to get access to particular parts of the infrastructure. These days, phishing attacks primarily start outside of the traditional email channels. The primary channels are now SMS, social media platforms, third-party chat platforms, direct messages in gaming apps, and others that are primarily accessed on mobile devices.”

Zach Jones, Senior Director of Detection Research at WhiteHat Security, a San Jose, Calif.-based provider of application security, explains, “As highlighted in the recent report from the Atlantic Council, the techniques alleged to have been used by the defendants, supply chain attacks and use of publicly known exploits in commercial and open source software, continue to be popular and powerful attack vectors for threat actors, both large and small. This case, one of hundreds known publicly over the past two decades, highlights the continued need for increased focus on securing the software that our digital lives depend on. Organizations must increase their vigilance for vulnerabilities not only in their proprietary software but in the components they are composed of and the commercial software they operate to allow them to operate in the modern digital economy.”

In addition to arrest warrants for all of the charged defendants, in September 2020, the U.S. District Court for the District of Columbia issued seizure warrants that resulted in the recent seizure of hundreds of accounts, servers, domain names, and command-and-control (C2”) “dead drop” web pages used by the defendants to conduct their computer intrusion offenses. The FBI executed the warrants in coordination with other actions by several private-sector companies, which included disabling numerous accounts for violations of the companies’ terms of service.  In addition, in partnership with the department, Microsoft developed and implemented technical measures to block this threat actor from accessing victims’ computer systems. The actions by Microsoft were a significant part of the overall effort to deny the defendants continued access to hacking infrastructure, tools, accounts, and command and control domain names, the DOJ notes. In coordination with this announcement, the FBI also released a Liaison Alert System (FLASH) report that contains critical, relevant technical information collected by the FBI for use by specific private-sector partners.

 

Subscribe to Security Magazine

 

Email-icon-100

I want to hear from you. Tell me how we can improve.

BNP Media Owner & Co-CEO, Tagg Henderson

Related Articles

More than 100 Arrested in Global Hacking Takedown

Hacker Responsible for Capital One Data Breach Hacked More Than 30 Companies

NSA releases advisory on Chinese state-sponsored actors exploiting publicly known vulnerabilities

How two-factor authentication works with blockchain

Subscribe For Free!
  • eMagazine Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company. Interested in participating in our Sponsored Content section? Contact your local rep.

close
  • sponsored-content-BNP-covid__3J9FMQPY3I__
    Sponsored bySureView Operations

    How command centers are responding to COVID-19

Popular Stories

Allied officially able to complete G4S acquisition

G4S acquisition comes to an end; Allied now 7th largest employer in world

cyber security

CNA Financial hit by cyberattack

messaging platforms freepik

Slack removes message invites in DM feature over harassment concerns

Workplace violence a problem

Workplace violence rises, particularly for nurses, frontline workers

ransomware - cyber

Clop ransomware gang breaches University of Colorado and University of Miami

4.22_SEC_SBS_360x184_customcontent

Events

September 24, 2020

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

October 28, 2020

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

View All Submit An Event

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

Who has ownership or primary responsibility of video surveillance at your enterprise?
View Results Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 7th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
Security 500 360

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

SUBSCRIBE TODAY!
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners
  • Privacy
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2021. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing