Report: State-Sponsored Espionage Group Moonlights as Cybercriminal Society
Author: Jimmy Aki
Last Updated: 16 June 2020

A cybersecurity firm has expressed its belief that Chinese state hackers have set their sights on gaming and cryptocurrency enterprises. In a publication released on August 2, California-based FireEye claimed that APT41, an Advanced Persistent Threat group sponsored by the Chinese state, is also conducting financially motivated activity for personal gain.

Per the report, APT41 “targets industries in a manner generally aligned with China’s Five-Year economic development plans.” The group is said to be unique among China-based actors because it takes tools normally reserved for espionage campaigns and turns them on activities motivated by personal gain.

The research disclosed that APT41 has been operating across more than 14 jurisdictions for the past seven years, with targeted industries including healthcare, high technology (semiconductors, batteries, and electric vehicles), media, pharmaceuticals, and more. Its operations are essentially split between those that are financially motivated and those sponsored by the Chinese government. In one instance, APT41 targeted the reservation systems of a hotel ahead of the arrival of Chinese state officials, suggesting that it was hired by the government to perform reconnaissance on the hotel for security reasons.

Its cybercrime intrusions were said to be most apparent in the video game industry, with activities including virtual currency manipulation and attempts to deploy ransomware. FireEye also highlighted that APT41 had used its access to some production environments to inject malicious code into files, which were subsequently distributed to targeted organizations.

The company noted, “These supply chain compromise tactics have also been characteristic of APT41’s best known and most recent espionage campaigns.”

APT41’s Crypto Engagements

Speaking on the crypto attacks, the report claimed that APT41 sent spear-phishing emails in June 2018 in an attempt to lure targets to a crypto-linked, decentralized gaming platform. The emails were reportedly sent from an address listed under the name Tom Giardino, a supposed reference to an employee at Valve, the American video game developer responsible for the software distribution platform Steam and other video games. The same address was used to target another cryptocurrency exchange in the same month. In October 2018, the unit delivered XMRig, a crypto mining tool for Monero, to a blockchain-based gaming startup via malicious emails. The move exhibited a continued interest in cryptocurrencies, and it would not be far-fetched to expect more crypto-centric attacks in the near future.

This would not be the first time that crypto exchanges have fallen victim to hacking groups. In a world where ever more people are looking to buy cryptocurrency, exchanges have been forced to stay on high alert. Even so, news of the occasional hack surfaces every now and then. A few months ago, the personal computers of employees at Japanese exchange Coincheck were infected by a virus. The subsequent hack led to the theft of about 58 billion yen (about $546.3 million) worth of the NEM token. Further investigation showed that the virus was traceable to a Russian hacking group. According to a report on the hack, viruses known as “mokes” and “netwire” were disseminated via an email attachment. Upon initialization, the virus gave the hackers full access to the exchange’s private keys, and the assets were moved.