U.S. Charges Alleged Hackers of Chinese APT41 Group for Attacks on 100 Firms
The United States Department of Justice on Wednesday announced indictments against five Chinese nationals believed to be part of a state-sponsored hacking group known as APT41.
Also known as Winnti, Barium, Wicked Panda and Wicked Spider, the hackers allegedly launched cyberattacks on more than 100 companies in the United States and abroad. Their targets, the DoJ says, include software and video game companies, computer hardware makers, telecom providers, and social media organizations, but also governments, non-profit entities, universities, and think tanks, not to mention pro-democracy politicians and activists in Hong Kong.
The August 2020 indictment charges Jiang, Qian, and Fu with conducting the affairs of a Chinese company named Chengdu 404 Network Technology "through a pattern of racketeering activity involving computer intrusion offenses affecting over 100 victim companies, organizations, and individuals in the United States and around the world, including in Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam."
A third indictment returned by the same federal jury in August 2020 charges Malaysian businessmen Wong Ong Hua, 46, and Ling Yang Ching, 32, with conspiring with two of the Chinese hackers.
"APT41 has been the most prolific Chinese threat actor tracked by Mandiant Threat Intelligence over the last year. This is a unique actor, who carries out global cyber espionage while simultaneously pursuing a criminal venture. Their activity traces back to 2012 when individual members of APT41 conducted primarily financially motivated operations focused on the video game industry before expanding into traditional espionage, most likely directed by the state. APT41's ability to successfully blend their criminal and espionage operations is remarkable," John Hultquist, Senior Director of Analysis, Mandiant Threat Intelligence, said in an emailed comment.