Chinese hackers took trillions in intellectual property from nearly 30 multinationals

A years-long malicious cyber operation led by the notorious Chinese state actor APT41 has stolen an estimated trillions in intellectual property from nearly 30 multinationals in the manufacturing, energy and pharmaceutical sectors.

A new report from the Boston-based cybersecurity firm Cybereason has uncovered a malicious campaign – dubbed Operation CuckooBees – that took hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas, and manufacturing-related proprietary data, across multiple intrusions, from technology and manufacturing companies spread across North America, Europe, and Asia.

“We’re talking about blueprint diagrams of fighter jets, helicopters and missiles,” Cybereason CEO Lior Div told CBS News. In pharmaceuticals, “we saw them steal the IP of drugs around diabetes, obesity, depression.” The campaign isn’t over yet.

Div said cybercriminals were focused on obtaining blueprints of cutting-edge technologies, most of which had not yet been patented.

The intrusions also extracted data from the energy industry, including the design of solar panels and edge vacuum system technology. “It’s not [technology] what you have at home,” Div said. “It’s exactly what you need for large-scale manufacturing plants.”

The report does not disclose a list of affected companies, but researchers found that the cyber espionage campaign – which had been going undetected since at least early 2019 – collected information that could be used for future cyberattacks or potential extortion campaigns: details about the companies’ business units, network architecture, user accounts and credentials, employee email and customer data.

Cybereason first caught wind of the operation in April 2021, after a company flagged a potential intrusion during a business pitch meeting with the cybersecurity firm. After discovering APT 41, analysts reverse-engineered the attack to uncover every move taken inside the environment, “picking and choosing the right information that they must collect in order to maintain full access to everything in the network.”

That full access enabled the cybercriminals to extract the enormous amount of information needed to replicate complex engineering, including rocket-propelled weapons. “For example, to rebuild a missile there are hundreds of pieces of information that you need to steal in a specific way to be able to reconstruct and rebuild that technology,” Div said.

APT 41, or “Winnti” – also known by the affiliated names Barium and Blackfly – remains among the most successful Chinese state-sponsored threat groups, with a history of launching CCP-backed espionage activity and financially motivated attacks on US and other international targets, regularly aligned with China’s five-year economic development plans.

In May 2021, the Justice Department charged four Chinese nationals linked to APT 41 with participating in a global computer intrusion campaign targeting intellectual property and sensitive business information.

The FBI has estimated in its report that counterfeit goods, pirated software and theft of trade secrets cost the US economy between $225 billion and $600 billion annually.

But Cybereason researchers say the exact economic impact of Operation CuckooBees is hard to predict because of the complexity, stealth and sophistication of the attacks, as well as the long-term impact of robbing multinational companies of their research and development building blocks.

“It’s important to account for the full supply chain — basically the sales of an evolved product in the future, and all the derivatives that you’re going to get out of it,” Div said.

“In our assessment, we believe we are talking about trillions, not billions,” Div said. “The real impact is something that we’re going to see in five years from now, ten years from now, when we think we have the upper hand on pharmaceutical, energy and defense technologies. And we’re going to see China and say, how did they bridge the gap so quickly without engineers and resources?”

Cybersecurity firms, including ESET Research, have previously documented elaborate supply chain attacks carried out by APT41. In August 2019, Mandiant released a report detailing the development of the group’s strategy and techniques, as well as details of individual criminal actors.

According to Cybereason’s report, the APT group took advantage of both known and previously undocumented malware exploits, using “digitally signed kernel-level rootkits as well as an extensive multi-stage infection chain” consisting of six parts. That secret playbook helped the criminals gain unauthorized control of computer systems while remaining undetected for years.

FBI continues to warn that China is America’s biggest counterintelligence threat

“[China has] a bigger hacking program than every other major nation combined. And their biggest target is, of course, the United States,” FBI Director Christopher Wray said Friday during a public forum at the McCain Institute.

According to the latest annual survey by the US Trade Representative’s Office, the CCP continues to increase theft of US technology and intellectual property by conducting illegal economic activities.

Wray says the FBI opens a new China counterintelligence investigation every 12 hours. Last year, the US government attributed a major attack targeting Microsoft Exchange servers to Chinese state actors.

“Across the Chinese state, in almost every major city, they have thousands of hackers contracted by the Chinese government or the Chinese government who spend all day – with a lot of money and very sophisticated equipment – trying to figure out how to hack into companies’ networks … to try to steal their trade secrets,” Wray said.