Cybersecurity

Experts report recent increase in Chinese group’s cyberattacks

A prolific Chinese government-backed cyber group has recently stepped up its attacks on health care, pharmaceutical and other sectors, according to research released Wednesday by cybersecurity group FireEye. 

FireEye experts discovered that the Chinese cyber threat group known as APT41 had launched what they described as “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”

The group, which FireEye previously assessed with “high confidence” to be state-sponsored, was found to have widely targeted companies in almost two dozen countries in a variety of sectors between January and March.

Beyond health-related industries, APT41 also went after firms involved in the banking, construction, defense, manufacturing, telecommunications, media and utility sectors, among others. 

FireEye experts noted in a blog post about the widespread attacks that while they were not certain why these industries were chosen, the “victims appear to be more targeted in nature.”

FireEye has tracked APT41 since 2012, when it launched cyberattacks on the video game industry before moving on to state-sponsored cyber activity a few years later. 

“In 2020, APT41 continues to be one of the most prolific threats that FireEye currently tracks,” the experts wrote. “This new activity from this group shows how resourceful and how quickly they can leverage newly disclosed vulnerabilities to their advantage.”

China is widely considered by cyber experts to be one of the most dangerous state players in cyberspace alongside Russia, North Korea, and Iran.

The Chinese Foreign Ministry did not comment to Reuters on the claims it was sponsoring widespread cyberattacks, but said that China was “a victim of cybercrime and cyberattack.”

FireEye Security Architect Christopher Glyer speculated to Reuters that the spike in cyber activity may be due to tensions between the U.S. and China over the coronavirus pandemic and trade-related issues.  

The 2019 Worldwide Threats Assessment put together by former Director of National Intelligence Dan Coats found that China “presents a persistent cyber espionage threat and a growing attack threat to our core military and critical infrastructure systems.”