FireEye Identifies Prolific Chinese Cyber Threat Group
APT41 – a dual espionage and cyber crime threat actor – is responsible for targeted operations against organizations in 15 jurisdictions, across multiple industries including healthcare, gaming, high-tech and the media.
LAS VEGAS – Black Hat USA Conference – August 7, 2019 – FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today released the details of its newly named Advanced Persistent Threat group – APT41.
“APT41 is unique among the China-nexus actors we track in that it uses tools typically reserved for espionage campaigns in what appears to be activity for personal gain. They are as agile as they are skilled and well-resourced,” said Sandra Joyce, SVP of Global Threat Intelligence at FireEye. “Their aggressive and persistent operations for both espionage and cyber crime purposes distinguish APT41 from other adversaries and make them a major threat across multiple industries.”
APT41: A Double Threat, Worldwide
APT41 activity spans across 15 jurisdictions and more than seven years, targeting industries such as healthcare, high-tech, telecommunications, higher education, video gaming, travel, and even news organizations.
FireEye has observed individual members of APT41 conducting primarily financially motivated operations since 2012 before expanding into likely state-sponsored activity. Evidence suggests that these two motivations were balanced concurrently from 2014 onward. To date, organizations have been targeted in the following locations: France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the United Kingdom, the United States, and Hong Kong.
Tactics are shared between espionage and financial motivated operations:
- Espionage campaigns have targeted healthcare (medical devices and diagnostics), high-tech, and telecommunications with the purpose of collecting strategic intelligence, or as seen in the past, the theft of intellectual property.
Financially motivated cyber crime intrusions are most
apparent among video game industry targeting, including the
manipulation of virtual currencies, and ransomware deployment
- Read the detailed blog post: https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html
- Download the full report: http://content.fireeye.com/apt41/rpt-apt41
- Register for the dedicated August 29 webinar: https://www.brighttalk.com/webcast/7451/366611
Interested in speaking with FireEye experts about the modern security environment, trends, and what’s new in stopping the latest, most dangerous threats? Come visit FireEye during Black Hat USA at booth #504.
About FireEye, Inc.
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 8,200 customers across 103 countries, including more than 50 percent of the Forbes Global 2000.
© 2019 FireEye, Inc. All rights reserved. FireEye and Mandiant are registered trademarks or trademarks of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.