An Israeli-American cybersecurity firm has claimed that a China-backed group has carried out a massive hacking operation for intellectual property theft and industrial espionage across three continents.
The firm Cybereason, based in Boston, with offices in Tel Aviv, London and Tokyo, said the group used sophisticated ways and worked invisibly to acquire critical private information from technology and manufacturing organisations in the US, Europe and Asia.
The Winnti Group, which is also known as APT41, Blackfly and Barium, is known to operate on behalf of Chinese state interests. It’s an umbrella term for connected hacking groups that have been around since 2009 and have established a name for themselves by attempting to hack into thousands of firms in quest of intellectual property.
Asian game developers have been its target. For example, an attack against Gravity, the South Korean games business behind the long-running Massive Multiplayer Online Role-Playing Game (MMORPG) Ragnarok Online, revealed the group’s hallmark, according to a threat report published in 2020.
The US Department of Justice indicted some known members of the organisation in 2020 for computer crimes against over 100 corporations in the US and other nations, including software development companies, computer hardware manufacturers, telecommunications providers and gaming companies.
Separately, in 2019, the Bavarian Radio & Television Network (BR) and Norddeutscher Rundfunk (NDR), two German public broadcasters, published an investigative report on the cyber threat group and said that it has been spying on select businesses for years.
According to Cybereason’s investigation, the Winnti Group has been involved in large-scale intellectual property theft and cyber espionage since at least 2019, and possibly before.
Researchers at the firm were able to watch in real-time as the gang attempted to collect sensitive data such as patent and product details, source codes, tech blueprints and manufacturing instructions.
During the investigation, dubbed ‘Operation CuckooBees’, Cybereason discovered a previously unknown “family of malware”, which included a new version of Winnti virus known as WINNKIT, which Dahan described as a very powerful cyber tool of Chinese origin, most likely military intelligence.
According to Cybereason’s analysis, the malware allowed the hackers to undertake reconnaissance and credential dumping to extract various passwords and login details, enabling them to move laterally through the network.
The report further noted that attackers were able to steal extremely sensitive data from crucial servers and endpoints belonging to high-profile stakeholders.
The Federal Bureau of Investigation (FBI) and the Department of Justice had been briefed on Cybereason’s findings.
Over the years, Western nations, particularly the United States and the United Kingdom, have accused China of conducting large-scale cyber operations aimed at stealing massive amounts of data, including commercial secrets, scientific research, and people’ personal information.
Read all the Latest News , Breaking News and IPL 2022 Live Updates here.