Cybersecurity firm Cybereason revealed earlier this month that a group of Chinese hackers had been carrying out a cyber espionage campaign for more than 3 years. The group used hard-to-detect malware to siphon confidential information from many companies.
A cyberattack that has been going on for 3 years
It was cybersecurity researchers at Cybereason who alerted the FBI and the United States Department of Justice. The cyber espionage campaign, dubbed CuckooBees, is said to have started in 2019 at the latest.
In 2021, the company’s incident response team investigated breaches at numerous technology and manufacturing companies in North America, Europe and Asia. That is when they discovered the existence of these covert attacks.
The hackers took advantage of going undetected for years to siphon off hundreds of gigabits of information. Their main objective was the theft of intellectual property. Among the loot: sensitive documents, plans, diagrams, and more.
They also harvested data that could be used to prepare future cyberattacks, such as information about companies’ workforces, their network architecture, user accounts and credentials, customer data, and more.
Chinese hackers behind the attack
In their report, Cybereason attributes this cyberattack to the Chinese hacker group Winnti. Known by other names (APT41, Barium, Blackfly), the group is backed by China and is renowned for its stealth, sophistication and interest in stealing technological secrets.
According to the cybersecurity firm, Winnti is “the most prolific and effective group that exists”. The hackers reportedly used a “house of cards” technique, an approach in which each malware component depends on the others to function properly, making it very difficult to detect and analyze any of them in isolation.
Some members of the group are already known to US authorities and are actively wanted. Two years earlier, they were involved in the theft of online game source code and of digital certificates belonging to more than 35 companies.
Although the financial damage of this long-running cyberattack is difficult to estimate, one thing is certain: it was extremely costly. Indeed, the theft of intellectual property wipes out a company’s competitive advantages in the market.
It is also difficult to know how many companies have been affected by the Chinese malware, in particular because of its stealth. Cybereason estimates that dozens of them may have been targeted.
China has repeatedly been embroiled in such cyberattacks to get its hands on the technological advances of American companies. In February, the FBI estimated, after investigating several thousand cases, that Beijing was behind the majority of cyberattacks against the United States.