When not conducting cyber espionage campaigns, a group believed to be sponsored by the Chinese government has allegedly been hacking video game companies for its own financial gain.
According to a report released during the Black Hat computer security conference held in Las Vegas last week, security company FireEye found that a state-backed cyber threat group it calls Advanced Persistent Threat 41 (APT41) has been conducting “financially-motivated” campaigns by manipulating in-game currencies, among other things.
The group allegedly uses the advanced tools provided by the Chinese government in targeting the video game industry. APT41 manipulated virtual currencies and deployed ransomware, FireEye reported.
“In three hours they generated millions in virtual currency, likely sold in underground markets—that could have netted up to $300,000,” Jacqueline O’Leary, a senior analyst at FireEye, told Forbes.
According to FireEye’s report, APT41 is a group of contractors hired by the Chinese government to conduct espionage campaigns.
FireEye believes APT41 works for the Chinese government because their espionage campaigns as far back as 2012 were aligned with China’s Five-Year economic development plan. FireEye listed one instance wherein the group accessed the reservation system of a hotel where Chinese officials were set to stay, presumably as reconnaissance to bolster security.
The group also has links to underground marketplaces and state-sponsored activity, which FireEye said could indicate that it either enjoys protections that allow it to conduct for-profit activities or that authorities are willing to overlook them.
“APT41 is unique among the China-nexus actors we track in that it uses tools typically reserved for espionage campaigns in what appears to be activity for personal gain,” said Sandra Joyce, Senior Vice President of Global Threat Intelligence at FireEye, in a press statement.
Chinese officials have repeatedly denied accusations of conducting cyber espionage. In 2015, the United States and China reached a “common understanding” to not conduct cyber espionage or intellectual property theft for commercial gain.
According to the report, APT41 has also allegedly stolen information from “organizations involved in the research, development, and sale of computer components used for machine-learning, autonomous vehicles, medical imaging, and the consumer market.”
They’ve also targeted “companies involved in producing motherboards, processors, and server solutions for enterprises.”