A Chinese hacking group known as APT41, notorious for a series of state-sponsored espionage attacks, is also extorting the video game industry, according to a new report.
According to the cyber security company FireEye, the threat group, designated Advanced Persistent Threat 41 (APT41), is unique in that it deploys non-public malware usually reserved for espionage campaigns in what appears to be activity for personal financial gain.
While the Chinese group appears to have been active since at least 2012, public reporting suggests that its financial motives have been evident from 2014 onwards. APT41, tracked as Barium or Winnti by other companies, has previously been linked to a series of attacks targeting Asus, NetSarang and CCleaner in recent years.
The report added that APT41 launched several intelligence-gathering campaigns ahead of critical political events and strategic business decisions, focusing on sectors such as pharmaceuticals, healthcare, retail, education and virtual currencies. The Chinese group targeted companies in at least 14 countries, including France, India, Singapore, South Korea, the United Kingdom and the United States, reflecting the global nature of the attacks.
In addition, the group continuously targets the video game industry, both development studios and publishers, directly and through supply chain compromises, even though the group moved away from intellectual property theft in 2015 following a landmark agreement between the United States and China on cyber-enabled theft for commercial gain.
The campaigns work by injecting malware into legitimate third-party video game software, which is subsequently distributed to victim organizations. Beyond that, APT41 has relied on a variety of tactics, including spear phishing, toolkits, harvesting server credentials, and the use of stolen digital certificates from gaming studios to sign malware, in order to gain access to development environments and distribute malicious code.