Cybersecurity firm Cybereason revealed earlier this month that a group of Chinese hackers were behind a cyber espionage campaign for over 3 years. They used a malware that is difficult to detect to steal confidential information about many companies.
A cyberattack in progress for 3 years
It was cybersecurity researchers for Cybereason who alerted the FBI and the U.S. Department of Justice. The cyber espionage campaign, dubbed CuckooBees, is believed to have begun in 2019, at least.
In 2021, the company’s response team investigated intrusions into numerous technology and manufacturing companies in North America, Europe and Asia. That’s when they discovered the existence of these underwater attacks.
Hackers took advantage of going undetected for years to siphon off hundreds of gigabits of information. Their main goal was to steal intellectual property. In the bundle? Sensitive documents, plans, schematics, etc.
They also harvested data that could be used for potential future cyberattacks such as company staffing, network architecture, user accounts and credentials, customer data, etc.
Chinese hackers behind the attack
In their report Cybereason attributes this cyberattack to the Chinese hacker group Winnti. Known by other names (APT41, Barium, Blackfly), the group is supported by the China and is known for its stealth, sophistication and interest in stealing technological secrets.
According to the cybersecurity company, Winnti is ” the most prolific and effective group in existence “. The hackers reportedly used a “house of cards” technique, an approach where each component depends on the others to function properly, making it very difficult to detect each one separately.
Some members of the group are already known to U.S. authorities and are actively sought. They were involved, two years earlier, in the theft of online game source code and digital certificates signed by over 35 companies.
Some members of the Winnti group wanted by the FBI. Screenshot: FBI.
While the financial damage of this long-running cyberattack is difficult to estimate, one thing is certain: it was extremely costly. Indeed, the theft of intellectual property negates any competitive advantage in the marketplace.
It is also difficult to know how many companies have been affected by the Chinese malware, partly because of its high secrecy. Cybereason estimates that dozens of companies may have been targeted.
China has been involved many times in this type of cyberattack to get its hands on the technological advances of American companies. In February, the FBI estimated, after investigating several thousand cases, that Beijing was behind the majority of cyber attacks against the United States.
