US charges 5 Chinese “Apt41” actors for hacking into more than 100 companies
In August 2020, the same federal grand jury returned a third indictment charging two Malaysian businessmen who conspired with two of the Chinese hackers to profit from computer intrusions targeting the video game industry in the United States and abroad.
“These indictments indicate how malicious actors are diversifying their tactics to attain a broader range of outcomes. In particular, breaching gaming companies to steal in-game items and currency for real-world profit rather than stealing corporate data means security teams must be sure their efforts are well-distributed across both internal and external systems," says Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile phishing solutions. "The attackers were able to gain access to internal networks and likely moved laterally across the infrastructure to identify the most profitable items. Unauthorized access to the infrastructure often starts with a phishing attack. Threat actors will target particular employees and phish their credentials in order to get access to particular parts of the infrastructure. These days, phishing attacks primarily start outside of the traditional email channels. The primary channels are now SMS, social media platforms, third-party chat platforms, direct messages in gaming apps, and others that are primarily accessed on mobile devices.”