Chinese Group Said to Carry Out Huge Cyber Intrusion Operation

The APT41 group targeted vulnerabilities at organizations around the world in one of the broadest operations of its kind by Chinese hackers. The telecommunications, defense, high technology, healthcare, banking/finance, and petrochemicals industries were among those targeted, cyber security company FireEye says.

A state-sponsored Chinese hacking group carried out an espionage campaign between late January and early March against a wide range of industries in more than 20 countries, according to cyber security firm FireEye.

In research published on March 25, FireEye said its telemetry observed "one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years." The APT41 group is said to have targeted vulnerabilities in Zoho's ManageEngine Desktop Central, Cisco routers, and Citrix's Application Delivery Controller at more than 75 FireEye customers.

According to FireEye, APT41 "continues to be one of the most prolific threats" that it monitors. It called the hackers "a unique state-sponsored Chinese threat group that conducts espionage," and also "conducts financially motivated activity for personal gain."

The intrusion campaign was carried out against targets in Poland, Switzerland, the UK, Mexico, Japan, the Philippines, India, the US, Canada, France and Australia, among others, the company said.

Industries such as telecommunications, defense, high technology, healthcare, banking/finance, petrochemicals, transportation, construction, manufacturing and pharmaceuticals were targeted.

FireEye noted a lull in intrusion activity during the Chinese Lunar New Year holiday period in late January, a common pattern among Chinese hackers, and during coronavirus-related quarantines imposed by China in February.

The company said the latest exploitation attempts leveraged publicly available malware, but "in previous cases APT41 has waited to deploy more advanced malware until they have fully understood where they were and carried out some initial reconnaissance."
