US charges APT 41 group members for hacking over 100 companies

Two Malaysian hackers and five Chinese hackers, allegedly part of the state-sponsored hacking group APT 41, have been charged with hacking 100 companies worldwide.

The US Department of Justice revealed the names of seven international hackers currently on the FBI’s radar in a press release published on Wednesday. The FBI’s tweet about the development read:

“The #FBI and our partners today announced charges against five Chinese nationals for their alleged activities, including unauthorized access to protected computers, money laundering, and fraud.”

The list comprises five Chinese hackers, Zhang Haoran, Tan Dailin, Jiang Lizhi, Qian Chuan and Fu Qiang, and two Malaysian businessmen. Haoran and Dailin were charged earlier, in August 2019, while the rest of the cybercriminals were charged in separate indictments in August 2020.

The Malaysian hackers were arrested on Sunday, 14 Sep 2020, from Sitiawan, Malaysia, and their extradition process is currently underway.

According to the DoJ, they “conspired with two of the Chinese hackers to profit from computer intrusions targeting the video game industry in the United States and abroad.”

The remaining five accused are still at large, most probably living in China. The individuals are charged with running a global hacking campaign that targeted over 100 different companies worldwide.

The suspects attacked a broad range of entities, including video gaming firms, software development firms, telecom providers, computer hardware manufacturers, non-profit organizations, foreign governments, educational institutions, pro-democracy campaigners and politicians in Hong Kong, and think tanks.

“The defendants also compromised foreign government computer networks in India and Vietnam, and targeted, but did not compromise, government computer networks in the United Kingdom,” the press release revealed.

The hackers are not charged with participating in an operation sanctioned by China’s government, but with engaging in activities that benefited Beijing.

These individuals are part of a larger group known as Advanced Persistent Threat 41 (aka APT41, Wicked Panda, Barium, Wicked Spider, and Winnti).

This group has been operating since 2012 and has not only launched financially motivated attacks against the online gaming industry, but has also performed wide-scale cyber espionage for Chinese intelligence agencies. Deputy Attorney General Jeffrey Rosen stated that:

“Cyber-security experts have referred to APT-41’s activities as one of the broadest campaigns by a Chinese cyber espionage actor in recent years.”

The accused hackers specialize in stealing proprietary source code, customer account data, software code-signing certificates, and confidential business data by launching software supply-chain attacks. The group distributed malicious, digitally signed versions of software to infect the systems of its targeted organizations. If a compromised system did not offer valuable data, the group used crypto-jacking malware and ransomware to obtain monetary benefits instead.

The three Chinese hackers indicted this year allegedly worked for Chengdu 404 Network Technology, a China-based network security firm. Fu, who calls himself a skilled developer and programmer, has worked with Jiang since 2008, and with Qian since 2013 while working for Jiang. Later, he also started working for Chengdu 404.

The US District Court for the District of Columbia issued arrest warrants and seizure warrants for the accused. The authorities were able to seize:

“Hundreds of accounts, servers, domain names, and command-and-control (C2) ‘dead drop’ web pages used by the defendants to conduct their computer intrusion offenses.”

The DoJ further noted that Microsoft aided the FBI by denying the defendants access to hacking infrastructure/tools, accounts, and C&C domains.

Tan and Zhang are charged with 25 counts of money laundering and computer fraud and face 20 years in prison. Fu, Jiang, and Qian are charged with 9 similar counts and also face 20 years in prison.

Ling and Wong, on the other hand, are charged with 23 similar counts plus additional charges of involvement in the false registration of domain names. They may therefore receive a prison term of 27 years.

The group, according to DoJ, targeted companies around the world, including:

South Korea
Hong Kong