The United States has filed charges against five alleged members of a Chinese state-sponsored hacking group and two Malaysian hackers who are responsible for hacking more than 100 companies across the world.
The cyber-espionage group, named APT41 and also known as ‘Barium,’ ‘Winnti,’ ‘Wicked Panda,’ and ‘Wicked Spider,’ has been operating since at least 2012 and is involved in strategic intelligence collection from valuable targets in many sectors as well as financially motivated attacks against the online gaming industry.
The APT41 group is one of the most infamous and most active state-sponsored hacking groups that specializes in software supply-chain attacks, where hackers steal proprietary “source code, software code signing certificates, customer account data, and valuable business information,” and distribute digitally signed malicious versions of the software to infect systems at targeted organizations.
As per the court documents, in some cases where the targeted systems didn’t have any valuable information, the defendants also used ransomware and crypto-jacking malware to monetize their efforts.
According to a press release published by the U.S. Justice Department, two of the five Chinese hackers, Zhang Haoran and Tan Dailin, were charged in August 2019 for allegedly hacking high-technology and video game companies, as well as a United Kingdom citizen.
The three other APT41 members, Jiang Lizhi, Qian Chuan and Fu Qiang, were charged in a separate indictment filed in August 2020. They are associated with a network security company, Chengdu 404 Network Technology, that operated as a front for the People’s Republic of China.
All five APT41 members remain at large, and their names have been added to the FBI’s Cyber Most Wanted List.
The two Malaysian hackers, Wong Ong Hua and Ling Yang Ching, were charged in separate indictments in August 2020. They were arrested by Malaysian authorities in Sitiawan on September 14, 2020, and are being extradited to the United States.
The hacking group targeted industries such as software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, foreign governments, as well as pro-democracy politicians and activists in Hong Kong.
The hackers also compromised foreign government computer networks in India and Vietnam. They also attacked government networks in the United Kingdom, but those attacks were not successful.
The targeted companies were located in the United States and worldwide, including in Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam.
The DoJ stated that, in addition to arrest warrants for all of the charged defendants, in September 2020 the U.S. District Court for the District of Columbia issued seizure warrants that resulted in the recent seizure of hundreds of accounts, servers, domain names, and command-and-control (C2) ‘dead drop’ web pages used by the defendants to conduct their computer intrusion offenses.
Zhang and Tan have been charged with 25 counts of computer fraud and money laundering, which carry a maximum sentence of 20 years in prison.
Jiang, Qian, and Fu are charged with nine counts that carry a maximum sentence of 20 years in prison.
The indictment against Wong and Ling charges them with 23 similar counts. Because those counts also involve the false registration of domain names, their maximum sentence of imprisonment for money laundering rises to 27 years.