
‘Notorious’ State-Linked Chinese Hacking Group Responsible for Cyber Attacks on Dozens of Global Organizations, Claims Cybersecurity Firm

Published: May 5, 2022
Prince, a member of the Chinese hacking group Red Hacker Alliance who refused to give his real name, uses a website that monitors global cyberattacks on his computer at the group's office in Dongguan, in China's southern Guangdong province. Cybersecurity firm Cybereason has uncovered a multi-year hacking operation by a state-backed Chinese hacking group. (Image: NICOLAS ASFOURI/AFP via Getty Images)

A report published on May 4 by security researchers at the cybersecurity firm Cybereason has revealed that a “notorious” state-linked Chinese hacking group, dubbed the Winnti APT group (Winnti) and active since at least 2010, is behind cyber attacks on dozens of organizations across the globe.

Cybereason published the report following a 12-month investigation into the group and found that the government-backed hackers waged a global cyber espionage campaign “targeting manufacturers across North America, Europe and Asia in the Defense, Energy, Aerospace, Biotech and Pharma industries,” calling the campaign “one of the largest IP theft campaigns of its kind coming from China.”

The cybersecurity experts uncovered an operation by the group, dubbed “Operation CuckooBees,” that had gone undetected since at least 2019. According to the report, the operation likely siphoned “thousands of gigabytes of intellectual property and sensitive proprietary data from dozens of companies.”

Cybereason has published two reports on the matter: the first explores the tactics and techniques used in the overall campaign, and the second is a detailed analysis of the malware and exploits used by the group.

Multi-year cyber espionage intrusions

Cybereason’s team says it investigated “a sophisticated and elusive cyber espionage operation” whose goal was to steal sensitive proprietary information from technology companies across the globe.

Because the group used “digitally signed, kernel-level rootkits” as well as an “elaborate multi-stage infection chain,” its activities went undetected for years.

Cybereason CEO Lior Div said in a statement, “The most alarming revelation is that the companies weren’t aware they were breached, some going as far back as at least 2019, giving Winnti free unfiltered access to intellectual property, blueprints, sensitive diagrams and other proprietary data.”

The firm has said that it has briefed both the Federal Bureau of Investigation (FBI) and the U.S. Justice Department on its findings.

When confronted about the report, Chinese Embassy spokesperson Liu Pengyu told CNN that China “will never encourage, support or condone cyber attacks.”

“China opposes groundless speculation and accusations on the issue of hacker attacks,” Liu added. “If the firm really cares about global cyber security, they should pay more attention to the cyber attacks by the US government-sponsored hackers on China and other countries,” he said.

Last month, China made headlines for other cybersecurity reasons after Beijing allegedly launched a major cyberattack on Ukraine’s military and nuclear facilities just prior to Moscow launching its “special military operation” against Ukraine.

“At that time, a report in a British newspaper, The Times, said that Ukraine’s security service had accused the Chinese government of attempting to hack over 600 websites connected to the government and other key institutions,” The Hill reported.