Chinese espionage campaign targets manufacturers across the world: report
The alleged Chinese-state-backed hacker group is targeting intellectual property
Technology defense firm Cybereason on Wednesday published research accusing the Winnti Group, an alleged Chinese-state sponsored hacking group, of targeting Defense, Energy, Aerospace, Biotech, and Pharma manufacturers across North America, Europe, and Asia.
Winnti's malicious campaign, dubbed Operation Cuckoo Bees by Cybereason researchers, is one of the largest intellectual property theft efforts of this type coming from China, and it has been operating without detection since at least 2019, the defense firm stated in a press release.
"Operation Cuckoo Bees research is the culmination of a 12 month investigation that highlights the intricate and extensive efforts of the Chinese state-sponsored Winnti Group (APT 41) to abscond with proprietary information from dozens of global organizations," Lior Div, Cybereason CEO and Co-founder, said.
"The most alarming revelation is that the companies weren’t aware they were breached, going some as far back as at least 2019, giving Winnti free unfiltered access to intellectual property, blueprints, sensitive diagrams and other proprietary data," Div added.
Cybereason briefed the FBI and the Department of Justice on the investigation's findings.
The agency described Winnti as an "exceptionally capable adversary" with a "history of attacks and campaigns supporting Chinese state-sponsored espionage activity and financially-motivated attacks."
Intellectual property, including blueprints, formulas, diagrams, and sensitive documents, are Winnti's primary target, Cybereason stated. Winnti also gathered details about companies' user accounts and employees to use in future attacks.