Boston-based cybersecurity company Cybereason elaborated on the malicious operation called “Operation CuckooBees” in a May 4 post. The operation involved the theft of intellectual property and sensitive data from technology and manufacturing companies located in North America, Europe and Asia since 2019. Blueprints, diagrams, formulas and manufacturing-related proprietary data were among those compromised in the attack.
“In addition, the attackers collected information that could be used for future cyberattacks, such as details about the target company’s business units, network architecture, user accounts and credentials, employee emails, and customer data,” stated the May 4 post. “For years, the campaign had operated undetected, siphoning intellectual property and sensitive data.”
Cybereason was first made aware of the malicious operation in April 2021 after a company flagged a potential intrusion during a business pitch meeting. Analysts from its incident response team reverse-engineered the cyberattack to determine how the client’s network was compromised. They subsequently found that the bad actors “maintained full access to everything in the network in order for them to pick and choose the right information that they needed to collect.”
Cybereason CEO Lior Div expounded on the extent of the breach, telling CBS News that “blueprint diagrams of fighter jets, helicopters and missiles” were among those stolen. The pharmaceutical and energy industries were also not spared. IP for drugs for depression, diabetes and obesity was stolen from the former, while designs of solar panels and edge vacuum system technology were stolen from the latter.
Div noted that the full access enabled the hackers to obtain the substantial amount of information needed to duplicate complicated engineering. “For example – to rebuild a missile, there are hundreds of pieces of information that you need to steal in a specific way in order to be able to recreate and rebuild that technology.”
Chinese hacking group APT41 behind Operation CuckooBees
According to researchers at the Boston-based cybersecurity firm, Chinese hacker collective APT41 was behind the intrusion. APT41 also goes by different names including Winnti, BARIUM and Blackfly. The group sponsored by Beijing is known for stealth, sophistication and focus on data related to technology, the researchers added.
Cybereason said APT41 “has existed since at least 2010 and is believed to be operating on behalf of Chinese state interests.” The communist country and “entities aligned with Chinese interests” – including APT41 – “frequently engage in IP theft.”
But prior to the discovery of Operation CuckooBees, APT41 hacked the networks of six U.S. state governments beginning in May 2021. The Reston, Virginia-based cybersecurity firm Mandiant confirmed this cyberattack in a March 8 report. The report, however, did not name the states impacted by the APT41 hacking.
According to the report, APT41 hackers took advantage of a previously unknown vulnerability in a commercial web application used by 18 states for animal health management. They also exploited the Log4j software flaw first discovered in December to illegally access state government data.
Geoff Ackerman, Mandiant principal threat analyst, said in a statement: “We cannot allow other cyber activity to fall to the wayside, especially given our observations that this campaign from APT41 – one of the most prolific threat actors around – continues to this day.”
Rufus Brown, Mandiant senior threat analyst, pointed out that APT41’s “persistence to gain access into government networks … [shows] that whatever they are after is important.” He added: “We have found them everywhere, and that is unnerving.”
The report noted that despite being indicted by the Department of Justice in September 2020, APT41 and hackers who are part of it “continue to be undeterred” in their cyberattacks against the United States.