Double Dragon (hacking group)

[4] Classified as an advanced persistent threat, the organization was named by the United States Department of Justice in September 2020 in relation to charges brought against five Chinese and two Malaysian nationals for allegedly compromising more than 100 companies around the world.

[5][6][7][8] In 2019, the cybersecurity company FireEye stated with high confidence that the group was sponsored by the Chinese Communist Party (CCP) while conducting operations for financial gain.

[9][12] The FBI has issued wanted posters for Haoran Zhang, Dailin Tan, Chuan Qian, Qiang Fu, and Lizhi Jiang, whom they have found to be linked with APT 41.

[1] Zhang and Tan were indicted on August 15, 2019, by a grand jury in the District of Columbia on charges associated with hacking offences, such as unauthorized access to protected computers, aggravated identity theft, money laundering and wire fraud.

[14] Such operations were to occur in countries like the United States, Brazil, Germany, India, Japan, Sweden, Indonesia, Malaysia, Pakistan, Singapore, South Korea, Taiwan, and Thailand.

[15] These schemes, particularly a series of computer intrusions involving gaming industries, were conducted under the Malaysian company Sea Gamer Mall, which was founded by Wong.

[23] APT 41 targeting is consistent with the Chinese government's national plans to move into high research and development fields and increase production capabilities.

Their use of HOMEUNIX and PHOTO in their personal and financially motivated operations also evidences this stance, as both are malware that is inaccessible to the public and used by other state-sponsored espionage actors.

[9][27][32] The targeting of tech firms aligns with Chinese interest in developing high-tech instruments domestically, as demonstrated by the 12th and 13th Five-Year Plans.

[33] The German company TeamViewer AG, behind the popular software of the same name which allowed remote control of systems, was hacked in June 2016 by APT 41, according to a FireEye security conference.

[27] In one case reported by FireEye, the group was able to generate virtual game currency and sell it to buyers through underground markets and laundering schemes;[1][9][19] the currency could have been sold for up to US$300,000.

[9] FireEye reports that APT 41's activities occur on average between 10:00 and 23:00 China Standard Time, which is typical for Chinese tech workers who follow a "996" work schedule.

[37] On September 16, 2020, the United States Department of Justice released previously sealed charges against 5 Chinese and 2 Malaysian citizens for hacking more than 100 companies across the world.

[1][38] These include firms involved in social media, universities, telecommunications providers, software development, computer hardware, video games, non-profit organizations, think tanks, foreign governments, and pro-democracy supporters in Hong Kong.

[40] Two of the Chinese hackers also conducted attacks on the US gaming industry, which involved at least 6 companies in New York, Texas, Washington, Illinois, California, and the United Kingdom.

[1] The FBI also credited the Taiwanese Ministry of Justice Investigation Bureau, which helped provide information to US authorities after discovering APT 41 servers set up in California.

[39][40] Rosen also claimed that the Chinese Communist Party was "making China safe for their cyber criminals" as they continue to assist them in espionage.

[40] Chinese Foreign Ministry spokesman Wang Wenbin says that the US uses its own cybersecurity issues to "attack China" through spreading false information and political manipulation.

[38] This announcement was made during President Donald Trump's re-election campaign, associating the Chinese Communist Party with various cyber-espionage attacks.

An FBI wanted poster for 5 Chinese hackers associated with APT 41