US security researchers have uncovered what they say is one of the broadest Chinese cyber campaigns in years. First observed in late January, the campaign has been traced to a threat group, called APT41, that allegedly conducts cyber espionage on behalf of the Chinese government.
According to FireEye, the US security firm that has tracked the activity, Chinese campaigns have been narrowing in scope over the last few years. However, APT41’s latest spree of attacks bucks this trend, targeting FireEye clients in around 20 sectors and as many countries.
Sign up to Emerging Threats, our weekly cyber security newsletter
The attacks, which have sought to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho’s MangeEngine Desktop Central software, focused on targets in the UK, US, France, Japan, Saudi Arabia, Singapore, Sweden and the UAE, among other countries.
Affected industries included government, healthcare, technology, higher education, banking, media, telecoms and travel, among others, according to data gathered on the 75 FireEye customers that were targeted.
“It’s unclear if APT41 scanned the Internet and attempted exploitation en masse or selected a subset of specific organizations to target, but the victims appear to be more targeted in nature,” FireEye’s researchers said in a blog.
The campaign was observed between 20 January and 11 March but appeared to pause from 2 to 19 of February. “China initiated COVID-19 related quarantines in cities in Hubei province starting on January 23 and January 24, and rolled out quarantines to additional provinces starting between February 2 and February 10,” FireEye noted.
“While it is possible that this reduction in activity might be related to the COVID-19 quarantine measures in China, APT41 may have remained active in other ways, which we were unable to observe with FireEye telemetry.”
In 2016, then US president, Barack Obama, signed an agreement with China’s Xi Jinping in an attempt to bring an end to state-sponsored theft of intellectual property. In the weeks following the agreement, Chinese commercial hacks fell by around 90 per cent. But as US relations with China have deteriorated in the years since, attacks have increased once again.