A US cybersecurity firm said on Wednesday it had discovered a wave of new cyber-espionage by a suspected Chinese group dating back to late January, when the coronavirus began to spread outside of China. FireEye Inc. said in a report that it had noticed a spike in activity from a hacking group it calls “APT41” that started on January 20 and targeted more than 75 of its customers, from manufacturers and media companies to health and non-profit organizations.
There were “multiple possible explanations” for the spike in activity, FireEye Security Architect Christopher Glyer said, pointing to longstanding tensions between Washington and Beijing over trade and more recent clashes over the coronavirus outbreak, which has killed more than 17,000 people since late last year. According to the report, it was “one of the broadest campaigns by a Chinese cyber espionage actor we have seen in recent years.”
FireEye refused to identify the affected customers. The Chinese foreign ministry did not directly address FireEye’s claims, but said in a statement that China was “the victim of cybercrime and attacks”. The US Office of the Director of National Intelligence declined to comment. FireEye said in its report that APT41 took advantage of recently revealed bugs in software developed by Cisco, Citrix and others to attempt to break into dozens of corporate networks in the United States, Canada, Great Britain, Mexico, Saudi Arabia, Singapore and more than a dozen other countries.
Cisco said in an email that it had corrected the vulnerability and that it was aware of attempts to exploit it, a sentiment echoed by Citrix, which said it had partnered with FireEye to help identify “potential compromises”. Others have also noted a recent increase in cyber-espionage activities related to Beijing.
Matt Webster, a researcher at Secureworks – Dell Technologies’ cybersecurity arm – said in an email that his team had also seen “increased activity” from Chinese hacker groups in recent weeks. In particular, he said his team had recently discovered new digital infrastructure related to APT41 – which Secureworks calls “Bronze Atlas”.
Linking hacking campaigns to a specific country or entity is often uncertain, but FireEye said it judged “with moderate confidence” that APT41 was composed of Chinese government contractors. FireEye head John Hultquist said the increase was surprising because hacking activity attributed to China has generally become more targeted.
“This broad action deviates from that norm,” he said.