A Chinese cyberespionage actor targeted Canada and several other nations in what security experts are calling the “broadest campaign” of recent years.
The US cybersecurity company FireEye released a report on March 25 detailing attempts by a Chinese actor identified only as APT41 to access and exploit vulnerabilities in various industries.
“Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years,” claimed FireEye.
The sweeping attack targeted a number of industries including banking, government, healthcare, media and defence, among others. Over 75 of FireEye’s customers were targeted by the group.
According to FireEye Threat Intelligence, APT41 is likely a state-sponsored “dual espionage and cyber crime operation,” meaning it conducts surveillance on behalf of the Chinese government while also seeking criminal profits.
“FireEye Threat Intelligence assesses with high confidence that APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control,” writes FireEye.
“This is remarkable because explicit financially motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests these two motivations were balanced concurrently from 2014 onward.”
The USA, Australia, India, Italy, Japan, France and the UK were among the other countries targeted in the attack.
FireEye did not reveal which specific organizations were hit by APT41. According to the firm’s Security Architect Christopher Glyer, there are multiple explanations for the attack, including trade tensions between the US and China, as well as recent clashes over China’s role in the coronavirus outbreak.
The attacks attempted to abuse vulnerabilities in software created by Cisco, Citrix and other companies. According to both Cisco and Citrix, the vulnerabilities have since been resolved.