
Feds Charge 5 Chinese Hackers for Targeting Video Game Companies

The US claims the five Chinese citizens are members of APT 41, a hacking group connected to hacks of CCleaner and Asus’s Live Update tool, which secretly downloaded malware to customer computers.


The US may have identified five members behind a notorious Chinese hacking group that's been targeting video game companies for years.

On Wednesday, the Justice Department announced charges against five Chinese citizens for breaching over 100 companies, including software and video game developers, to steal source code, customer account data, and valuable business information. 

US officials are tying the suspects' activities to the hacking group APT 41, also known as Barium and Winnti. According to security experts, the group is likely working on behalf of the Chinese government to commit cyberespionage, but it also engages in cybercrime for its own financial gain.

APT 41 may also be the group responsible for tampering with CCleaner and Asus’s Live Update tool back in 2017 and 2018 to secretly download malware to thousands of users' Windows PCs.  

The industries APT41 has targeted. (Credit: FireEye)

The Justice Department unsealed two indictments today: The first was returned from a US grand jury in August 2019 and charges Zhang Haoran and Tan Dailin, both 35, with trying to hack into six unnamed video game companies, five of which operate servers in the US. The goal was to access company databases in order to illegally create valuable virtual game items and sell them to other gamers for profit. 

To break in, Zhang and Tan allegedly sent spear-phishing emails, tricking employees at the victim companies into downloading malware to their corporate computers. In other cases, they pulled off “supply chain attacks” by breaking into legitimate software vendors, and rigging their products with malicious code. The products would then get unknowingly distributed to third-party customers, infecting their computers with malware. 

To profit off the hacks, Zhang and Tan allegedly worked with a pair of Malaysians who sold access to virtual game items on a site called SEA Gamer. The two Malaysians, Wong Ong Hua and Ling Yang Ching, were arrested on Sunday and now face extradition to the US. 

The second indictment, returned by a grand jury in August 2020, charges three other Chinese suspects: Jiang Lizhi, 35, Qian Chuan, 39, and Fu Qiang, 37. Federal investigators claim the trio orchestrated hacks that affected over 100 companies and breached government networks belonging to India and Vietnam. “In one notable instance, the defendants conducted a ransomware attack on the network of a non-profit organization dedicated to combating global poverty,” the Justice Department said. 

According to the indictment, the three suspects work for a Chinese security company called Chengdu 404 Network Technology Co, but behind the scenes have been conspiring to hack into US companies. The indictment also claims Jiang collaborated with Zhang Haoran and Tan Dailin. In addition, Jiang at one point allegedly boasted to an associate of having a “very close” relationship with China’s Ministry of State Security.

How federal agents identified the suspects, who remain at large, isn't clear, but the indictments indicate the FBI has been tracking their personal communications. The Justice Department also worked with Microsoft, Facebook, and Google to shut down the servers and malicious web domains the hackers have been using to set up their attacks.

Although it's unlikely the Chinese government will extradite the suspects, the Justice Department is hoping to strike fear in China’s state-sponsored hackers that they’ll become wanted international criminals unless they adopt a new profession. 

The US has charged the five Chinese suspects with numerous crimes, including conspiracy to commit wire fraud, unauthorized access of protected computers, and aggravated identity theft. If they’re ever arrested to face trial, they face decades of prison time.
