A Chinese hacking operation has been exposed by Boston-based security firm Cybereason, which has released a report on a “massive Chinese intellectual property theft operation” dubbed “Operation CuckooBees.”
According to the report, the operation involved Chinese hackers, who stole hundreds of gigabytes of high-tech intellectual property from at least 30 multinational corporations, including military technology and pharmaceutical data.
Cybereason said its Nocturnus Incident Response Team discovered the campaign in 2021, after the team was engaged to “investigate multiple intrusions targeting technology and manufacturing companies in North America, Europe and Asia.”
Nocturnus uncovered an “elusive and sophisticated cyber espionage campaign operating undetected since at least 2019,” likely perpetrated by an Advanced Persistent Threat (APT) group called Winnti.
Breitbart News reported:
“Winnti, also known as APT 41, BARIUM, and Blackfly, is a Chinese state-sponsored APT group known for its stealth, sophistication, and focus on stealing technology secrets,” the report explained.
Winnti has been active since at least 2010. Cybereason’s investigators said the group employed new strains of malware for the Operation CuckooBees caper, but also used some of its tried-and-true viruses to open backdoors into targeted computer systems and slowly, quietly extract huge amounts of data.
“Over the years, there have been multiple reports and US Department of Justice (DOJ) indictments tying Winnti to large-scale IP theft operations. Cybereason researchers believe that dozens of other companies were potentially affected by this, or similar campaigns carried out by Winnti,” Cybereason said.
Winnti is noted for conducting extensive reconnaissance of targeted systems before its malware is activated and data extraction begins. Cybereason said some of the data pilfered by Operation CuckooBees could be useful for facilitating future attacks.
Cybereason noted in a detailed analysis of the malware used in the attack:
Perhaps one of the most interesting and striking aspects of this report is the level of sophistication introduced by the malware authors. The infection and deployment chain is long, complicated and interdependent — should one step go wrong, the entire chain collapses — making it somewhat vulnerable, yet at the same time it provides an extra level of security and stealth for the operation.
According to the report, it was “hard to estimate the exact number of companies affected by Operation CuckooBees” due to the “complexity, stealth, and sophistication of the attacks.”
Cybereason CEO Lior Div told CBS News during an interview: “We’re talking about blueprint diagrams of fighter jets, helicopters, and missiles,” adding, “We saw them stealing IP of drugs around diabetes, obesity, depression.”
According to Div, the value of the stolen data could reach far into the trillions of dollars.
“The real impact is something we’re going to see in five years from now, ten years from now, when we think that we have the upper hand on pharmaceutical, energy, and defense technologies. And we’re going to look at China and say, how did they bridge the gap so quickly without the engineers and resources?” he warned.