Cybercrime: The APT41 Group, the Chinese Government, and Attacks on Infrastructure

Abstract

Developments in the internet have led to an increase in the rate of cybercrime around the world. Some of the most common types of such crime involve hacking computer systems. APT 41 is an example of a hacking group that targets individuals, institutions, companies, and industries in many countries. The group carries out espionage as well as attacks motivated by financial gain. Both the United States Department of Justice and the cybersecurity firm FireEye have recently linked APT 41 to the Chinese government, although China has denied the allegations. The purpose of this paper is to examine the relationship between APT 41 and the government of China, highlight the group's attacks on technological infrastructure, assess their impact, and suggest effective mitigation measures.

Introduction

Cybercrime is increasingly a common global problem. The internet has expanded educational, social, and economic opportunities (Kendzierskyj & Hamid, 2020), improving human life and wellbeing. However, the same technology has provided unprecedented opportunities to cause harm. Many nations, businesses, organizations, and lives around the world have been ruined by cybercrime (Steffens, 2020; Kim et al., 2021). The Center for Strategic and International Studies (CSIS) (2018) estimates that cybercrime costs 1% of global GDP every year, which translates to about $600 billion.

In most cases, cybercriminals use sophisticated techniques to commit serious crimes. For instance, they use offensive cybersecurity technology to launch destructive attacks. Offensive security is the hacking discipline concerned with attacking systems rather than defending them (Lieberthal & Singer, 2012; Kendzierskyj & Hamid, 2020). Most cybercrime is motivated by financial gain or profit. However, some attacks are intended to directly damage computers and other devices by infecting them with viruses, and others are used to spread unauthorized information, malware, and other materials (Brush, 2021; Kim et al., 2021).

The world of cybercrime was previously dominated by individual hackers. However, state-sponsored hackers are also entering the field (Yong, 2020; Stacey et al., 2021). An example of such a group is APT 41, which carries out its attacks using offensive cybersecurity technology. In 2019, the American cybersecurity firm FireEye revealed that APT 41 is sponsored by the Communist Party of China. The company also stated that the group conducts operations for its own financial benefit (FireEye, 2021). The purpose of this paper is to examine the relationship between APT 41 and the Chinese government, highlight the group's attacks on technological infrastructure, assess their impact, and suggest effective mitigation strategies.

APT 41 Group and U.S. Department of Justice

APT 41 is one of the most prolific hacking organizations carrying out espionage. The group has been in operation since 2012. It destroys infrastructure, disrupts operations, and steals sensitive data (FireEye, 2021). Its operations are motivated by three main objectives: intelligence gathering, financial gain, and increasing competitive advantage (Lieberthal & Singer, 2012; Bing & Christopher, 2019; Lightfoot, 2020). APT 41 targets individuals and organizations to steal intelligence that can be used for further attacks. The stolen information can be held for ransom for financial benefit. The group gains a competitive advantage for its sponsors when it steals technology, industrial processes, results of scientific research, and other forms of intellectual capital.

In 2020, the United States Department of Justice identified APT 41 as an advanced persistent threat (Steffens, 2020; Stacey et al., 2021). This was in connection with charges against seven computer hackers whose cybercrimes had affected more than 100 companies worldwide. Five of the accused were Chinese nationals and expert hackers (Threat Hunter Team, 2020; Geller, 2021). The remaining two were Malaysian businessmen who helped the Chinese hackers accomplish their mission (Geller, 2021). While the Malaysian nationals were arrested with the help of the Malaysian authorities, the Chinese government denied the allegations that it used its citizens to commit cybercrimes.

Group Personnel

As mentioned above, seven hackers are mainly associated with APT 41. The five Chinese hackers are Haoran Zhang, Chuan Qian, Dailin Tan, Lizhi Jiang, and Qiang Fu (Vavra, 2020; Geller, 2021). All are expert hackers who are either former or current employees of Chengdu 404 Network Technology, a Chinese company that provides hacking services used to identify vulnerabilities in a client's computer networks. According to the U.S. Department of Justice, the company's activities also include malicious attacks on organizations that are not its clients.

The Grand Jury in the District of Columbia indicted Tan and Zhang on August 15, 2019. They were charged with hacking offences such as identity theft, money laundering, and unauthorized access to protected computers (Geller, 2021). Many of these hacking activities were directed at video game companies, high-tech companies, and individuals in both the United States and the United Kingdom (Lightfoot, 2020). On August 11, 2020, Jiang, Qian, and Fu were charged by the Federal Bureau of Investigation (FBI). They were accused of racketeering, identity theft, and fraud (Geller, 2021; FBI, 2021). The three coordinated cyber-attacks against government officials and against media and communication companies. Many of their operations took place in the United States, Brazil, India, Japan, South Korea, Singapore, Thailand, Malaysia, Tibet, and Sweden.

The Malaysian businessmen who collaborated with the Chinese hackers were also indicted in August 2020. They were Ling Yang Ching and Wong Ong Hua (Vavra, 2020), both based at SEA Gamer Mall, a Malaysian company selling video game currency and various in-game items. The Malaysians were charged with cybercrimes such as fraud, identity theft, and conspiracy (Geller, 2021). They specifically worked with the Chinese hackers in attacking video game firms based in the United States, Japan, and South Korea (Lightfoot, 2020). The businessmen were arrested at Sitawan by the Malaysian government on 14 September 2020.

Relationship with the Chinese Government and Other Groups

There is not enough evidence to prove that APT 41 has connections with the Chinese government, and further investigation is needed. However, it is important to note that China is seeking to become the world superpower. To achieve this, the country has adopted a five-year economic development plan known as "Made in China 2025" (Fraser et al., 2019). One of the plan's major objectives is the production of high-tech products, and China relies on stolen foreign technologies of various types to advance its national, economic, and military goals.

Many of the hackers linked to APT 41 by the U.S. Department of Justice are Chinese nationals. They work in companies or agencies with close ties to China's Ministry of State Security (Stacey et al., 2021). Most of their attacks target foreign countries, with the goal of collecting information about what is going on in other parts of the world, which is the information China needs for its growth. Although the Chinese hackers are involved in illegal activities, they remain at large, and the Chinese authorities are reluctant to arrest them.

APT 41 has also been linked to other groups involved in cybercrime, including Winnti and Barium (Kendzierskyj & Hamid, 2020). The activities of these groups overlap with those of APT 41, and the groups use similar techniques. For example, they all use the HIGHNOON malware in their operations (Kendzierskyj & Hamid, 2020). Additionally, APT 41 and some of its associated groups share digital certificates. For example, FireEye found that a digital certificate from the Japanese video game company YNK Japan was used not only by APT 41 but also by groups such as APT 20 and APT 17 (Steffens, 2020).
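Certificate overlap of the kind FireEye reported can be checked mechanically across a corpus of signed samples. The script below is an added example, not code from the paper or from FireEye; every hash, certificate thumbprint, signer name and attribution label in it is constructed, and the "stolen certificate" list is a placeholder for whatever revocation or threat-intel feed an analyst actually uses.

```python
"""Certificate pivoting across attributed malware samples (added example).

Groups signed samples by their code-signing certificate, reports
certificates that appear across more than one attributed cluster, and
flags samples signed with a certificate already known to be stolen.
All hashes, thumbprints, subjects and attributions are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SignedSample:
    sha256: str            # placeholder, not a real file hash
    signer_subject: str    # subject CN of the signing certificate
    cert_thumbprint: str   # placeholder, not a real certificate thumbprint
    attributed_to: str     # analyst attribution label for the sample


# Constructed corpus: one stolen game-studio certificate shared by three
# clusters, one certificate used by a single cluster, one benign signer.
SAMPLES = [
    SignedSample("sha256-placeholder-01", "CN=Example Game Studio", "TP-AAAA", "APT41"),
    SignedSample("sha256-placeholder-02", "CN=Example Game Studio", "TP-AAAA", "APT17"),
    SignedSample("sha256-placeholder-03", "CN=Example Game Studio", "TP-AAAA", "APT20"),
    SignedSample("sha256-placeholder-04", "CN=Other Vendor", "TP-BBBB", "APT41"),
    SignedSample("sha256-placeholder-05", "CN=Other Vendor", "TP-BBBB", "APT41"),
    SignedSample("sha256-placeholder-06", "CN=Benign Software Ltd", "TP-CCCC", "Unattributed"),
]

# Constructed list of thumbprints analysts already consider stolen or revoked.
KNOWN_STOLEN_CERTS = {"TP-AAAA"}


def groups_by_certificate(samples):
    """Map each certificate thumbprint to the set of clusters that used it."""
    groups = defaultdict(set)
    for s in samples:
        groups[s.cert_thumbprint].add(s.attributed_to)
    return groups


def shared_certificates(samples, min_clusters=2):
    """Certificates seen across at least `min_clusters` distinct clusters.

    Returns {thumbprint: sorted cluster labels}. A shared certificate is a
    lead for overlap analysis, not proof of shared operators: a stolen
    certificate can change hands independently of the intrusions it signs.
    """
    return {
        tp: sorted(clusters)
        for tp, clusters in groups_by_certificate(samples).items()
        if len(clusters) >= min_clusters
    }


def overlap_partners(samples, cluster):
    """Other clusters sharing at least one signing certificate with `cluster`."""
    partners = set()
    for clusters in groups_by_certificate(samples).values():
        if cluster in clusters:
            partners |= clusters - {cluster}
    return sorted(partners)


def flag_stolen_signers(samples, stolen=KNOWN_STOLEN_CERTS):
    """Hashes of samples whose signer certificate is on the stolen list."""
    return sorted(s.sha256 for s in samples if s.cert_thumbprint in stolen)


if __name__ == "__main__":
    for tp, clusters in shared_certificates(SAMPLES).items():
        print(f"{tp} shared by {', '.join(clusters)}")
    print("APT41 overlaps with:", overlap_partners(SAMPLES, "APT41"))
    print("signed with stolen certs:", flag_stolen_signers(SAMPLES))
```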

Activities of APT 41

APT 41 carries out two main types of activity. The first is espionage, which includes attacks concerned with surveillance and intelligence gathering (Fraser et al., 2019). Such activities are used to obtain crucial information ahead of financial and political operations. An example is the attack APT 41 made on the German company TeamViewer AG, which develops software for remote system control. The software was hacked in 2016, enabling APT 41 to reach users of the software throughout the world. In doing so, the group was able to access important information about the management of TeamViewer AG and details of its business (Fraser et al., 2019). Another example of espionage is the compromise of government networks. Vietnam and India have been victims of this activity (Lightfoot, 2020), which APT 41 used to access important government information from the two nations.

The second type of activity associated with APT 41 is motivated by financial gain. The majority of the group's activities targeting the video game industry focus on monetary gain (Bing & Christopher, 2019; Fraser et al., 2019). The group breaches video game companies to steal valuable in-game items, which are then modified and sold back to unsuspecting gamers. According to FireEye (2021), APT 41 has at times been able to create virtual game currency, which is sold to buyers in underground markets and through other schemes involving money laundering (Bing & Christopher, 2019). Apart from attacking video game firms in other countries, APT 41 also attacks targets in China, mainly gambling businesses that operate illegally (Yong, 2020). It is also worth noting that some members linked to APT 41 have gone as far as advertising their hacking skills online (Bing & Christopher, 2019) in order to attract paying clients for hacking services.

Infrastructure Attacks

To achieve its goals, APT 41 attacks various forms of technological infrastructure. For instance, it hacks the computers of organizations and companies around the world (Fraser et al., 2019; FireEye, 2021). Through these breaches the group collects identity data, and in the process it hijacks systems with the intention of demanding ransom (Bing & Christopher, 2019; Lightfoot, 2020). In one operation, APT 41 attacked an anti-poverty non-profit organization, took over one of its computers, and held the contents hostage by encrypting them, demanding payment before access would be restored (Bing & Christopher, 2019).

Apart from attacks motivated by monetary benefit, APT 41 also carries out sophisticated attacks on foreign software development companies (Yong, 2020). In these attacks the group modifies the companies' code, which gives it access to the computers of the companies' clients. It also needs to be pointed out that APT 41 makes infrastructure attacks whose sole goal is destruction. In one case, the group sent several emails containing malicious software to a company's human resources employees (Yong, 2020).

Targets of the Organization

APT 41 targets individuals, companies, and institutions. At the top of the list of targeted individuals are wealthy persons, lawmakers, and researchers (Lightfoot, 2020; FireEye, 2021), who are usually blackmailed by the group's hackers for financial gain. Targeted companies include big businesses and manufacturing firms (Lightfoot, 2020), from which the hackers tend to steal manufacturing processes. Targeted institutions include the healthcare and higher education sectors (Lightfoot, 2020), from which the hackers steal foreign technologies. New technologies and manufacturing processes are vital to China as a country that is trying everything to become the most industrialized nation on earth in the near future.

The efforts of APT 41 are often directed at specific industries: healthcare, pharmaceuticals, software, high tech, telecommunications, media, gaming, and education (Fraser et al., 2019; Lightfoot, 2020). Some of these industries are part of China's national policy priorities, for example healthcare, news media, and telecommunications. The education sector is targeted for its ongoing research projects, whose results are needed for China's technological development. Other industries, such as gaming firms, are targeted for profit and other personal reasons (Fraser et al., 2019).

Many of the targeted individuals and industries are based in particular nations: the United States, the United Kingdom, Japan, Thailand, South Korea, Malaysia, Singapore, Hong Kong, Tibet, Myanmar, India, Brazil, Sweden, France, Switzerland, Turkey, the Netherlands, Italy, and South Africa (Fraser et al., 2019; Lightfoot, 2020). Some of these countries, the United States being the clearest example, are perceived as economic competitors of China. Others on the list are places in which China has a political interest, such as Tibet and Hong Kong, where Beijing has long faced political unrest.

Operating Techniques and Modes

APT 41 uses distinctive techniques in its operations. For instance, it uses passive backdoors (Kendzierskyj & Hamid, 2020), which are harder to detect than the traditional backdoors favored by other advanced persistent threat groups. The group also compromises systems through software that injects code into system files (Fraser et al., 2019; Kendzierskyj & Hamid, 2020), a process that alters the systems and enables data theft.

Another technique employed by APT 41 is the use of bootkits (FireEye, 2021), a type of malware that is particularly difficult for security systems to detect. Moreover, APT 41 uses spear-phishing emails to carry out cyber espionage (Kendzierskyj & Hamid, 2020). Using this technique, the group sends misleading messages to its targets with the intention of extracting important information from them, and it gathers personal data about the targets beforehand to increase its chances of success. Its spear-phishing emails have targeted media groups and bitcoin exchanges.

Unlike other cybercriminal groups, APT 41 hackers tend to be persistent (Fraser et al., 2019; Lightfoot, 2020). They pursue their goals over long periods, which allows them to adapt to various cyber defenses, and they retarget their victims until their goals are achieved. It is also worth noting that APT 41 operates very fast (Lieberthal & Singer, 2012): it quickly identifies intermediary systems in a network before compromising them. In one operation, the group reportedly compromised hundreds of network systems across many geographical regions in less than two weeks (Lightfoot, 2020), which is a remarkable pace.

Impact of APT 41 Attacks

The individuals, organizations, companies, industries, and nations that have been victims of APT 41 attacks have suffered significant harm. Many of the targeted people have experienced reputational damage, business firms are counting financial losses, and organizations have experienced disruption and data theft (Lieberthal & Singer, 2012; CSIS, 2018; Fraser et al., 2019). Such situations call for effective measures to mitigate the harmful impact of APT 41, although the right measures depend on what works best for the person or organization targeted.

Recommended Mitigations

Various mitigation measures can be adopted by groups vulnerable to APT 41 attacks. To begin with, it is important to deploy antimalware defenses (Chapple, 2021), which help protect against ransomware attacks. Beyond these basic technologies, it may be necessary to use more advanced protection, such as sandboxing and endpoint detection platforms (Chapple, 2021; Lightfoot, 2020). There is also a need to educate employees about social engineering risks (Lieberthal & Singer, 2012; Lightfoot, 2020) so that they can detect attacks more easily. Moreover, it is necessary to keep backups of sensitive data (Lightfoot, 2020) so that critical information is not lost.

Conclusion

APT 41 is indeed a dangerous hacking group. Based on the reports of the U.S. Department of Justice and FireEye, it is evident that APT 41 is associated with the Chinese regime, since many of the group's cybercrimes target industries or sectors that China has prioritized in its "Made in China 2025" economic development plan, including telecommunications and healthcare. It is also important to note that many of APT 41's attacks on technological infrastructure outside China are made with the intention of stealing sensitive information, which is what China requires to achieve its ambition of becoming the world superpower. APT 41's activities have resulted in financial losses, reputational harm, and disruption of systems. This impact can be mitigated through antimalware defenses, endpoint detection platforms, backups of sensitive information, and sensitization of employees to social engineering risks.

References

Bing, J. M., & Christopher, J. (2019). Chinese government hackers suspected of moonlighting for profit. Reuters. Retrieved from https://www.reuters.com/article/us-china-cyber-moonlighters-idUSKCN1UX1JE

Brush, K. (2021). Cybercrime. Retrieved from https://searchsecurity.techtarget.com/definition/cybercrime

Center for Strategic and International Studies (CSIS). (2018). Economic Impact of Cybercrime. Retrieved from https://www.csis.org/analysis/economic-impact-cybercrime

Chapple, M. (2021). 5 key ransomware protection best practices to safeguard assets. Retrieved from https://searchsecurity.techtarget.com/tip/5-key-ransomware-protection-best-practices-to-safeguard-assets

Federal Bureau of Investigation (FBI). (2021). What We Investigate: The China Threat. Retrieved from https://www.fbi.gov/investigate/counterintelligence/the-china-threat

FireEye. (2021). Advanced Persistent Threat Groups. Retrieved from https://www.fireeye.com/current-threats/apt-groups.html

Fraser, N., Plan, F., O’Leary, J., Cannon, V., Leong, R., Perez, D., & Shen C. (2019). APT41: A Dual Espionage and Cyber Crime Operation. Retrieved from https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html

Geller, E. (2021). U.S. charges 5 Chinese hackers, 2 accomplices with broad campaign of cyberattacks. POLITICO. Retrieved from https://www.politico.com/news/2020/09/16/us-charges-chinese-hackers-cyberattacks-415954

Kendzierskyj, S., & Hamid, J. (2020). Critical National Infrastructure, C4ISR and Cyber Weapons in the Digital Age. In Advanced Sciences and Technologies for Security Applications. Cham: Springer International Publishing, pp. 3–21.

Kim, K., Alfouzan, F. A., & Kim, H. (2021). Cyber-Attack Scoring Model Based on the Offensive Cybersecurity Framework. Applied Sciences, 11(16), 7738. https://doi.org/10.3390/app11167738

Lieberthal, K., & Singer, P. W. (2012). Cybersecurity and U.S.-China Relations. Retrieved from https://www.brookings.edu/wp-content/uploads/2016/06/0223_cybersecurity_china_us_lieberthal_singer_pdf_english.pdf

Lightfoot, K. (2020). Examining Chinese Cyber-Attacks: Targets and Threat Mitigations. MSc thesis, Utica College.

Stacey, K., Warrell, H., & Murphy, H. (2021). US accuses China of masterminding cyber attacks worldwide. Financial Times. Retrieved from https://www.ft.com/content/54803790-ac33-4616-a0b5-7c39e3ea0b29

Steffens, T. (2020). Advanced Persistent Threats. In Attribution of Advanced Persistent Threats. Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 3–21. https://doi.org/10.1007/978-3-662-61313-9_1. ISBN 978-3-662-61312-2.

Threat Hunter Team. (2020). APT41: Indictments Put Chinese Espionage Group in the Spotlight. Retrieved from https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt41-indictments-china-espionage

Vavra, S. (2020). Five Chinese nationals, two Malaysians charged in connection with global hacking campaign. Cyberscoop. Retrieved from https://www.cyberscoop.com/chinese-hacking-charges-apt41/

Yong, C. (2020). China acting as a safe haven for its cyber criminals, says US. The Straits Times. Retrieved from https://www.straitstimes.com/world/united-states/us-charges-7-in-wide-ranging-chinese-hacking-effort
