U.S. cybersecurity firm FireEye said it suspects China is behind a surge in cyberspying that began in January, just when the coronavirus was starting to seriously spread outside of China, according to a report by Reuters.
The firm wrote a report that said it suspected the activity was coming from a hacking group called “APT41.” The attacks began on Jan. 20 and were aimed at more than 75 of FireEye’s customers, which include media firms, healthcare organizations, manufacturers and nonprofits.
As for why the attacks were happening, there were “multiple possible explanations,” according to FireEye Security Architect Christopher Glyer. He cited the ongoing trade war between the U.S. and China, and more recent conflicts over the coronavirus outbreak.
The report said the attack was “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years,” although the firm would not identify particular customers.
Without directly responding to FireEye’s suspicions, the Chinese Foreign Ministry said China itself was “a victim of cybercrime and cyber attack.”
In its report, FireEye said APT41 took advantage of flaws in software from Cisco, Citrix and others, and attempted to breach companies in the United States, Canada, Britain, Mexico, Saudi Arabia, Singapore and many other countries.
Both Citrix and Cisco said they were working to close such vulnerabilities.
A researcher with Dell Technologies’ cybersecurity division, Matt Webster, said his team had also witnessed an uptick of attacks from Chinese hacking groups “over the last few weeks.”
He said he had especially noticed attacks from APT41, also known as Bronze Atlas. FireEye said it had “moderate confidence” that APT41 was made up of Chinese government contractors.
John Hultquist, the head of analysis at FireEye, said the surge in activity was especially surprising because China is usually much more focused in its hacking activity. “This broad action is a departure from the norm,” he said.