In a new report, FireEye Threat Intelligence has stated that a state-sponsored espionage group is targeting cryptocurrency firms in China.

The California-based intelligence-led security company has released the details of its newly named Advanced Persistent Threat group – APT41. The report states:

“FireEye Threat Intelligence assesses with high confidence that APT41 is a Chinese state-sponsored espionage group that is also conducting financially motivated activity for personal gain.

“… APT41 carries out an array of financially motivated intrusions, particularly against the video game industry, including stealing source code and digital certificates, virtual currency manipulation, and attempting to deploy ransomware.”

As per the report, APT41 has targeted organizations in 14 countries (and Hong Kong) over 7 years, including France, India, Italy, Japan, Myanmar, the Netherlands, Singapore, South Korea, South Africa, Switzerland, Thailand, Turkey, the United Kingdom, and the United States.

The group’s espionage operations against entities in these countries were aligned with the targeting of verticals consistent with Chinese national policy priorities, FireEye said.

On the attacks against cryptocurrency firms, the report said that APT41 sent spear-phishing emails in June 2018 to lure targets to join a decentralized gaming platform linked to a cryptocurrency service. The emails were reportedly sent from an email address listed with the name Tom Giardino, which appears to be a reference to an employee at Valve, an American video game developer responsible for the software distribution platform Steam and various video games.

The hacking group used the same email address to target a cryptocurrency exchange in the same month.

Later in October, the hacking group deployed XMRig, a Monero cryptocurrency mining tool, on a target’s computer, demonstrating a continued interest in cryptocurrency.

TokenPost