Chinese hacking surges as Coronavirus pandemic unfolds

Many of the world's industries are slowing down amid the Coronavirus crisis, but some cybercriminals are not.

Rick Docksai | Apr 08, 2020

Many of the world's industries are slowing down amid the Coronavirus crisis, but some cybercriminals are not, several U.S. cybersecurity firms warn. They report increased activity from hacking groups linked to China since the international outbreak of coronavirus earlier this year.

One firm, FireEye Inc., stated in a report that it has detected a surge in cyber-espionage by a suspected Chinese group dating back to early January, when the pathogen was beginning to expand beyond China's borders. The report dubbed the group "APT41" and indicated that its hacking activity began on January 20 and targeted more than 75 of FireEye's customers, which include manufacturers, nonprofit groups, healthcare organizations, and media companies, among others.

It added that APT41 took advantage of certain flaws in software developed by Cisco, Citrix, and others to try to hack multiple companies' networks in the United States, Canada, Britain, Mexico, Singapore, Saudi Arabia, and more than a dozen other countries.

APT41's activity was "one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years," according to the report.

It's also a departure from normal cybercrime trends, noted John Hultquist, FireEye's head of analysis. He said that hacking activity linked to China has generally become "more focused" and that widespread attacks on many targets such as this are rare.

FireEye isn't the only firm sounding alarms over Chinese hackers. Matt Webster, a researcher with Secureworks, Dell Technologies' cybersecurity arm, told Reuters that his team has seen increased activity from Chinese hacking groups in the last several weeks.