A malicious cyber operation spearheaded for years by the notorious Chinese state actor APT 41 has siphoned off an estimated $30 billion worth of intellectual property from around 30 multinational companies in manufacturing, energy and pharmaceuticals.
A new report from Boston-based cybersecurity firm Cybereason has uncovered a malicious campaign – dubbed Operation CuckooBees – that exfiltrated hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas and proprietary manufacturing-related data, across multiple intrusions spanning technology and manufacturing companies in North America, Europe and Asia.
“We’re talking blueprint schematics of fighter jets, helicopters and missiles,” Cybereason CEO Lior Div told CBS News. In pharmaceuticals, “we’ve seen them steal intellectual property from drugs around diabetes, obesity, depression.” The campaign has not yet stopped.
The attackers were focused on obtaining blueprints for cutting-edge technologies, the majority of which were not yet patented, Div said.
The intrusion also exfiltrated energy industry data, including solar panel designs and edge vacuum system technology. “It’s not [technology] that you have at home,” noted Div. “It’s what you need for large-scale manufacturing plants.”
The report does not disclose a list of the companies involved, but researchers found that the cyber espionage campaign – which had been operating undetected since at least early 2019 – was also collecting information that could be used for future cyberattacks, intelligence campaigns or potential extortion: business details such as business units, network architecture, user accounts and credentials, employee emails and customer data.
Cybereason first learned of the operation in April 2021, after a company flagged a potential breach during a business meeting with the cybersecurity firm. Analysts reverse-engineered the attack to uncover every step malicious actors performed in the environment, finding that APT 41 “maintained full access to everything on the network so they could pick out the right information that they had to collect”.
This full access has allowed the attackers to exfiltrate the enormous amounts of information needed to duplicate complex engineering, including rocket-propelled weapons. “For example, to rebuild a missile, there’s hundreds of pieces of information that you have to steal in a specific way in order to be able to recreate and rebuild that technology,” Div said.
APT 41 or “Winnti” – which also goes by the affiliate names BARIUM and Blackfly – remains one of the most prolific and successful Chinese state-sponsored threat groups, with a history of conducting CCP-backed espionage and financially motivated attacks against the United States and other international targets, regularly aligned with China’s five-year economic development plans.
In May 2021, the Department of Justice charged four Chinese nationals connected to APT 41 for their participation in a global computer intrusion campaign targeting intellectual property and sensitive commercial information.
The FBI estimated in its report that the annual cost to the US economy of counterfeit goods, pirated software and trade secret theft is between $225 billion and $600 billion.
But Cybereason researchers say it’s difficult to estimate the exact economic impact of Operation CuckooBees due to the complexity, stealth and sophistication of the attacks, as well as the long-term impact of the theft of multinationals’ research and development building blocks.
“It’s important to consider the whole supply chain – basically selling a product developed in the future, and all the derivatives you’ll get from it,” Div said.
“In our assessment, we think we’re talking trillions, not billions,” added Div. “The real impact is something we’re going to see in five years, ten years from now, when we think we have the upper hand in pharma, energy and defense technologies. And we’re going to look at China and say, how could they close the gap so quickly without the engineers and the resources?”
Cybersecurity firms, including Eset Research, have previously detailed the supply chain attacks carried out by APT 41. In August 2019, Mandiant published a report detailing the evolution of the group’s tactics and techniques, along with descriptions of individual criminal actors.
According to Cybereason’s report, the APT group used both known and previously undocumented malware, deploying “digitally signed kernel-level rootkits along with an elaborate multi-step infection chain” consisting of six stages. This playbook helped the attackers take unauthorized control of computer systems while remaining undetected for years.
The FBI has consistently warned that China poses the greatest counterintelligence threat to the United States.
“[China has] a hacking program bigger than that of all the other major nations combined. And their biggest target is, of course, the United States,” FBI Director Christopher Wray said Friday in a public forum at the McCain Institute.
The CCP continues to increase its theft of U.S. technology and intellectual property through illicit economic activities, according to the latest annual survey from the Office of the U.S. Trade Representative.
Wray says the FBI opens a new counterintelligence investigation into China every 12 hours. Last year, the US government attributed massive attacks to Chinese state actors.
“Throughout the Chinese state, in almost every major city, there are thousands of Chinese government or Chinese government-contracted hackers who spend all day – with lots of funding and very sophisticated tools – trying to figure out how to hack into corporate networks…to try to steal their trade secrets,” Wray noted.