The U.S. government has criminally charged seven members of a China-based hacking group called APT41. Of the seven, five are Chinese nationals. They are accused of compromising government networks, hacking company servers to extort ransoms, and spying on activists from Hong Kong.
The criminal charges
The five members are said to have ties with a private company called Chengdu 404 Network Technology either as former or current employees. Though the firm claims to offer white hat hacking services that would aid clients in identifying security vulnerabilities, the company also carries out attacks against entities. The other two hackers are executives from a Malaysian company that deals in video game items.
Together, the seven accused hacked into the networks of hundreds of businesses and other organizations worldwide. They would hijack systems to demand ransoms and also steal identity information. One victim of the group was an organization that worked for the poor: the group hacked the organization's computers, locked up their contents, and demanded payment to unlock them. The hackers are also known to covertly use thousands of computers around the globe to mine cryptocurrencies. APT41 is suspected of hacking into the government networks of countries such as Vietnam and India. In one incident, the Malaysian members created thousands of fake game accounts to sell virtual items stolen by the hacking group.
APT41 had deep connections with the Chinese government, as its activity shows. For instance, the hackers collected private information on a Buddhist monk in Tibet and on several pro-democracy activists in Hong Kong, two well-known targets of the Chinese Communist Party. One hacker even worked for a hacking group that took orders from the Chinese government and claimed to have close ties with the Ministry of State Security. Though the five Chinese nationals remain free, the two Malaysians were arrested recently, and the U.S. government is seeking to extradite them from Malaysia.
“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace… This is the only way to neutralize malicious nation-state cyber activity,” Assistant Attorney General John C. Demers said, as reported by TechCrunch.
Even though the indictment is the strongest action the U.S. has taken against APT41, security experts do not believe that it will deter the miscreants from carrying out future attacks. Mathieu Tartare, a malware researcher at ESET, points out that as long as the hackers remain in China, not venturing into any other country, the risk of being sent to prison is almost zero. Cybersecurity company FireEye calls APT41 one of the most active advanced persistent threat actors that it has been monitoring.
Steven Stone, director of advanced practices at FireEye, notes three unique characteristics of APT41. First, the group remains largely unaffected by the high level of scrutiny cast on it: even though many security agencies are after it, the group has never shown any significant change in its activity. Second, APT41 targets a wide range of industries spread around the world, making it very difficult for intelligence agencies to identify any shift in the group's core activity. Finally, APT41 tends to use a consistent set of tactics in its attacks, adapting them as the situation requires.