The hacker group APT41 attacks companies in healthcare, telecommunications, fintech, and media, as well as cryptocurrency exchanges. This activity is funded by the Chinese government, according to analysts at the cybersecurity company FireEye.
Experts believe that APT41's victims operate in industries whose development is a priority in China's current five-year period.
[Figure: Industries Targeted by APT41]
At the same time, APT41 pursues its own goals, extracting financial benefits from attacks, which is unusual for groups operating under the Chinese government, according to FireEye.
APT41 is known to include at least two people with the pseudonyms Chzan Xuiguan and Wolfji. The group probably has connections with other hacker organizations such as BARIUM and Winnti.
FireEye also analyzed the times of day at which APT41 attacked the gaming industry (its core target) and businesses in other sectors. It turned out that this activity took place outside a standard working day; the people involved probably also have a main job.
[Figure: APT41 Operational Times]
According to the UN Security Council, hackers operating under the DPRK government stole about $2 billion from banking institutions and cryptocurrency exchanges.