An Israeli-American cybersecurity firm said Monday that it uncovered a “massive” hacking operation, apparently led by a hacking group believed to be backed by China, engaged in intellectual property (IP) theft and industrial espionage on three continents.
Cybereason, which is headquartered in Boston with offices in Tel Aviv, London, and Tokyo, said the group employed sophisticated methods and worked in an elusive manner to target technology and manufacturing companies in the US, Europe, and Asia and steal sensitive proprietary information.
Assaf Dahan, senior director and head of threat research at Cybereason, told The Times of Israel that the ring, known as the Winnti Group (and also tracked as APT41, Blackfly and Barium in cybersecurity circles), was “one of the most prolific and industrious groups in the cyber threat landscape,” and is known to operate on behalf of Chinese state interests.
The group has been active since at least 2010. Some known members of the group were indicted in 2020 by the US Department of Justice for computer crimes against some 100 companies in the US and other countries, including software development companies, computer hardware manufacturers, telecommunications providers, and gaming firms.
Dahan said Cybereason’s research showed that the Winnti Group engaged in “intellectual property theft and cyber espionage on a grand scale” since at least 2019, and possibly before. Cybereason began its research into the group’s industrial espionage operations last year, having been alerted by one of the targeted companies that something “funky” was afoot in its network, said Dahan, who is based in London.
“Their level of stealth and sophistication was very high,” Dahan said, describing the group’s modus operandi in the context of this specific hacking operation as a “house of cards” made up of several components that were interconnected and interdependent.