Members of a prolific state-sponsored Chinese cyber-espionage operation are using their hacking skills to carry out financially motivated cyberattacks against targets around the world.
Dubbed APT41 by researchers at FireEye, the group spies on organisations worldwide across 15 sectors, including healthcare, high-tech, telecommunications and higher education.
The attacks coincide with 'Made in China 2025', Beijing's strategy to push China towards producing higher value products and services – and it isn't unknown for hackers working out of the country to attempt to steal data to help reach this goal.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
However, analysis by researchers found members of APT41 are also employing their hacking skills on the side, using them to conduct attacks purely for financial gain, predominantly against the video game industry.
Jacqueline O'Leary, senior threat intelligence analyst at FireEye, told ZDNet the hackers are moonlighting from their spying duties, "working on espionage at certain times of the day, then [running] financially motivated [attacks] at other hours"
FireEye has identified two individuals who are highly likely to be Chinese espionage contractors working for APT41 and has traced their activity back to 2012, where the main focus of the pair was attacking video games companies and players for profit.
"It probably started out as a personal interest with things they're familiar with. A lot of the techniques and procedures they used in the video game targeting would become crucial in their espionage activity later on," O'Leary said.
Since 2014 the attackers have also conducted cyber espionage to steal strategic intelligence for China.
APT41 is believed to have 46 different types of malware at its disposal – some exclusive to the group, while others are used by Chinese hacking groups in general, with some tools adopted by other operations working on behalf of Beijing.
Backdoors, credential stealers, keyloggers, and rootkits feature in APT41's arsenal and, like many hacking campaigns, the attacks typically begin with spearphishing emails.
Organisations in France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the United Kingdom, the United States, and Hong Kong have been targeted by what's described as a prolific espionage operation.
"They've shown persistence and agility in getting onto systems, even after they've been remediated. They've also been able to breach a large number of systems at one time," said O'Leary.
"Over the years they've been one of the most consistent groups we've seen – they're very broad in their targeting across industries and geographies and they're very active."
FireEye has detailed APT41's campaigns – both in cyber espionage and in cybercrime – in their full report on the group.
MORE ON CYBER CRIME