An Israeli-American cybersecurity firm has claimed that a China-backed group carried out a massive hacking operation for intellectual property theft and industrial espionage on three continents.
Boston-based Cybereason, with offices in Tel Aviv, London and Tokyo, said the group used sophisticated means and worked invisibly to acquire critical private information from technology and manufacturing organizations in the United States, Europe and Asia.
The Winnti Group, also known as APT41, Blackfly and Barium, is known to operate on behalf of Chinese state interests. It’s an umbrella term for connected hacking groups that have been around since 2009 and have made a name for themselves attempting to hack into thousands of companies seeking intellectual property.
Asian game developers have been among its targets. For example, an attack on Gravity, the South Korean gaming company behind the massively multiplayer online role-playing game (MMORPG) Ragnarok Online, exposed the group’s hallmarks, according to a threat report published in 2020.
The United States Department of Justice indicted some known members of the organization in 2020 for computer crimes against more than 100 companies in the United States and other countries, including software development companies, hardware manufacturers, telecommunications providers and gaming companies.
Separately, in 2019, the Bavarian Radio & Television Network (BR) and Norddeutscher Rundfunk (NDR), two German public broadcasters, published an investigative report into the cyber threat group and said it had been spying on certain companies for years.
According to Cybereason’s investigation, the Winnti Group has been involved in large-scale intellectual property theft and cyber espionage since at least 2019, and possibly earlier.
Company researchers were able to watch in real time as the gang attempted to collect sensitive data such as patent and product details, source code, technical blueprints and manufacturing instructions.
During the investigation, dubbed “Operation CuckooBees”, Cybereason uncovered a previously unknown “malware family”, which included a new version of the Winnti malware known as WINNKIT, which Dahan described as a very powerful cyber tool of Chinese origin, most likely from military intelligence.
According to Cybereason’s analysis, the malware allowed hackers to undertake reconnaissance and credential dumping to extract various passwords and login information, allowing them to move laterally across the network.
The report further notes that the attackers were able to steal extremely sensitive data from crucial servers and endpoints belonging to high-profile stakeholders.
The Federal Bureau of Investigation (FBI) and the Department of Justice have been notified of Cybereason’s findings.
Over the years, Western countries, especially the United States and the United Kingdom, have accused China of carrying out large-scale cyber operations aimed at stealing huge amounts of data, including trade secrets, scientific research and personal information.