The group, known as Barium, allegedly attacked hundreds of targets around the world and manipulated in-game goods and currency.
For years, a group of Chinese hackers known as Barium, Winnti or APT41 carried out a unique combination of sophisticated hacks that increasingly puzzled the cybersecurity researchers who tracked them.
At times they seemed to focus on conventional state-sponsored espionage, while at other times their attacks looked more like traditional cybercrime. Now, a series of federal indictments has identified these perpetrators by name and cast new light on their activities.
The five Chinese hackers are accused of a complex scheme to break into the networks of hundreds of global companies across a wide range of industries, as well as think tanks, universities, foreign government agencies, and the accounts of Hong Kong government officials. The victims are in a dozen Asian countries, as well as the US, France, Australia, the UK and Chile.
The Justice Department says the hackers hit dozens of private companies and stole millions of dollars using ransomware, cryptojacking, and stealth miners that use hacked computers to generate cryptocurrency. In many cases, the hackers used a rare technique known as a "supply chain attack" to inject malicious code into software used by their targets.
But the most interesting element of the schemes uncovered in the indictments is the attack on nine video game firms.
Court documents describe how attackers used "supply chain attacks" and spear phishing to infiltrate the networks of these companies. Once they gained access, they created in-game goods and artificially increased the amount of virtual currency in their accounts, which they then supposedly sold on a marketplace they controlled called SEA Gamer.
A California-based video game company was hacked after hackers sent an email posing as a former employee with a resume containing malware, according to court documents.
"We’re sadly seeing this as a new area that hackers are operating in, and it’s a billion-dollar industry," Michael Sherwin, acting U.S. Attorney in Washington, DC, said at a press briefing.
Purchases in video games are growing every month. The free-to-play Fortnite generated $2.4 billion in in-app purchase revenue in 2018. This industry is already starting to attract interest from hackers.
According to Justice Department representatives, the hacking campaign began in June 2014 and lasted until August of this year. It affected video game companies based in the US, South Korea, Japan and Singapore.
FBI poster looking for five Chinese hackers.
With access to the internal networks of video game producers, the attackers could also tell whether they had been detected. According to Justice Department officials, the hackers monitored the companies' defenses and often bypassed them to continue their campaign.
The hackers gained access to 25 million records of customer names, addresses, password hashes, emails and other personal information.
The hackers also used their access to sabotage their video game competitors, according to court documents.