A Chinese threat actor, known to have perpetrated a series of state-sponsored espionage attacks, has been covertly staging financially motivated activities targeting the video game industry.

According to cybersecurity firm FireEye, the cyber threat group, dubbed Advanced Persistent Threat 41 (APT41), is unique in that “it leverages non-public malware typically reserved for espionage campaigns in what appears to be activity for personal gain.”

While the group appears to have been active since at least 2012, the public disclosure suggests that its dual motivations became apparent from 2014 onward.

Called Barium or Winnti by other companies, APT41 has previously been linked to several supply chain compromises in recent years, including those targeting Asus, NetSarang, and the CCleaner utility.

Balancing espionage and financially motivated attacks

APT41 is said to have launched several intelligence-gathering campaigns ahead of key political events and major business decisions, focusing on verticals like pharma, healthcare, retail, education, and virtual currencies.

The group has gone after companies in at least 14 countries, including France, India, Singapore, South Korea, the UK, and the US, reflecting the global nature of the attacks.

In addition, it has consistently targeted the video game industry, both development studios and publishers, directly and via supply chain compromises, even as the group moved away from stealing intellectual property in 2015 following a landmark Sino-US agreement intended to end cyber-enabled theft for commercial gain.

Per FireEye, the threat actor attempted to steal data from a healthcare company while simultaneously deploying ransomware at a game development studio.

The campaigns work by injecting malware into legitimate third-party video game software, which is later distributed to victim organizations.

Furthermore, APT41 has leveraged a variety of tactics, including spear-phishing, bootkits, capturing server credentials, and using compromised digital certificates from game studios to sign malware, in order to gain access to development environments and deliver malicious code. Because a stolen code-signing certificate produces a signature that validates like any other, a clean signature check alone does not establish that a game binary is trustworthy.

Interestingly, while this approach infected thousands of systems, the hackers ultimately used the access to target specific individuals, the researchers noted.

Once inside the environment, the group uses custom-built tools to gain elevated access to systems and generate tens of millions of dollars in the game’s virtual currency, which is most likely sold in underground markets. Where that fails, the group is also said to have deployed ransomware to extort money from the victim.

A do-it-all hacking group

What’s more, APT41 has proven to be a highly capable adversary, with the ability to steal call record information from telecom companies and to track dissidents in China.

The findings come close on the heels of similar disclosures by F-Secure and IBM, which have warned of further malware attacks on financial institutions, infrastructure, and state-run facilities.
