Last month a US cybersecurity firm, FireEye, said it had seen a disconcerting spike in activity from what looks like a Chinese hacking group. The group in question is known as APT41, a prolific hacking group from China which, in addition to carrying out financially motivated attacks, also performs state-sponsored espionage as a contractor to the government.
Focusing on a handful of specific targets is the typical strategy of Chinese hacking groups; in this instance, however, FireEye noticed the spike in attacks against companies in about twenty countries, including the UK, the US and Canada. The hackers are reportedly downloading company files via FTP after gaining access to a victim’s network by exploiting flaws in hardware and application software developed by several vendors, including Cisco and Citrix. In a published report, FireEye goes on to describe several additional attacks being carried out by the group.
In a statement to Reuters, both Cisco and Citrix said the vulnerabilities being exploited by APT41 had already been patched. Reuters also contacted Secureworks, the cybersecurity arm of Dell Technologies, which stated that ‘over the last few weeks’ it had also seen a spike in activity from Chinese hackers.
Given the number of countries being targeted and the frequency of the attacks, FireEye says that ‘This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years.’ It goes on to warn that ‘This new activity from this group shows how resourceful and how quickly they can leverage newly disclosed vulnerabilities to their advantage.’