A malicious cyber operation led by the infamous Chinese state actor APT 41 has siphoned off an estimated trillions of dollars in stolen intellectual property from approximately 30 global manufacturing, energy, and pharmaceutical corporations.
Cybereason, a Boston-based cybersecurity firm, has uncovered a malicious campaign, dubbed Operation CuckooBees, that exfiltrated hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas, and manufacturing-related proprietary data, from multiple intrusions at technology and manufacturing companies in North America, Europe, and Asia.
Cybereason CEO Lior Div told CBS News, "We're talking about blueprint diagrams of fighter jets, helicopters, and missiles." In the pharmaceutical industry, "we saw them stealing IP of drugs around diabetes, obesity, depression." The campaign has not yet been terminated.
The majority of plans for cutting-edge technologies were not yet patented, Div claimed.
The attack also extracted information from the energy sector, including designs for solar panels and edge vacuum system technology. "This is not [technology] that you have at home," Div said, describing equipment that is necessary for large-scale manufacturing units.
Researchers discovered that the cyber espionage campaign — which had been operating undetected since at least early 2019 — collected information that could be used for future cyberattacks or potential extortion campaigns — information about companies' business units, network architecture, user accounts and credentials, employee emails, and customer data.
Cybereason first learned of the operation in April 2021, when a company identified a potential attack during a business pitch meeting with the cybersecurity firm. Analysts reverse-engineered the attack to expose every malicious actor's action within the environment, revealing that APT 41 "maintained full access to everything in the network in order for them to pick and choose the right information that they needed to collect."
This unfettered access allowed thieves to exfiltrate the copious amounts of data necessary to duplicate complex designs, including rocket-powered weaponry. "For example, to rebuild a missile there are hundreds of pieces of information that you need to steal in a specific way in order to be able to recreate and rebuild that technology," Div explained.
APT 41 or "Winnti," also known as BARIUM and Blackfly, remains one of the most prolific and successful Chinese state-sponsored threat groups, with a history of launching CCP-backed espionage activity and financially motivated attacks on U.S. and other international targets, routinely aligned with China's Five-Year economic development plans.
In May 2021, the Justice Department prosecuted four Chinese nationals associated with APT 41 for their conduct in a global computer intrusion campaign targeting intellectual property and sensitive commercial information.
The FBI estimated that counterfeit goods, software piracy, and trade secret theft cost the U.S. economy between $225 billion and $600 billion annually.
Cybereason analysts claim it is difficult to assess the precise economic impact of Operation CuckooBees due to the intricacy, stealth, and sophistication of the operations and the long-term implications of robbing multinational corporations of research and development building blocks.
"It's important to consider the entire supply chain," Div added, "basically selling a developed product in the future and all the derivatives you'll get out of it."
"According to our estimation, we speak of trillions, not billions," said Div. "In five to ten years, when we believe we have the upper hand in pharmaceutical, energy, and defense technology, we will observe the true impact. How could China close the gap so swiftly without engineers or resources?"
Cybersecurity organizations, notably ESET Research, have described APT 41 supply chain attacks. In August of 2019, Mandiant published a study describing the evolution of the group's strategies, methods, and the criminal actors behind it.
According to Cybereason's research, the APT group utilized both known and previously undiscovered malware, employing "digitally signed kernel-level rootkits and an elaborate multi-stage infection chain" consisting of six pieces. This playbook allowed the attackers to gain unauthorized access to computer systems while remaining undetected for years.
The FBI has repeatedly warned that China poses the greatest counterintelligence threat to the United States.
"China's hacking operation is larger than those of any other significant nation combined. Certainly, the United States is their primary target," FBI Director Christopher Wray stated on Friday during a public forum hosted by the McCain Institute.
According to the most recent annual assessment by the Office of the U.S. Trade Representative, the CCP continues to steal more U.S. technology and intellectual property through illicit economic operations.
Every 12 hours, according to Wray, the FBI initiates a new China counterintelligence probe. In 2016, the U.S. government attributed a significant attack against Microsoft Exchange servers to Chinese state actors.
"Across the Chinese state, in pretty much every major city, they have thousands of either Chinese government or Chinese government-contracted hackers who spend all day – with a lot of funding and very sophisticated tools – trying to figure out how to hack into companies' networks… to try to steal their trade secrets," Wray said.