The US DOJ has unsealed indictments and arrest warrants for several Chinese nationals believed to be members of APT41 (also tracked as Barium). The group is alleged to be behind the ASUS supply-chain compromise (Operation ShadowHammer), which led to hundreds of thousands of infections because the attackers signed their malware with ASUS's own code-signing certificate and distributed it through the company's legitimate update servers. The lesson for defenders is that a valid signature only proves the vendor's key signed the file, not that the file is benign; once the build or signing pipeline is compromised, signature verification on the endpoint will happily accept the malicious update.
Some of the infected hosts were later targeted with ransomware and cryptojacking malware. The group has carried out financially motivated attacks since at least 2012, initially by targeting video game companies to steal in-game currency for resale.
The group operated behind a front company, Chengdu 404 Network Technology, and was likely coerced by Chinese state officials into conducting traditional espionage operations while being allowed to continue its own financially motivated activity.
The group is not known to develop its own zero-day exploits, but it is very quick to weaponize new ones once a public exploit or proof of concept is released, as it did in March 2020 with the Zoho ManageEngine Desktop Central vulnerability (CVE-2020-10189), which it was exploiting within days of the proof of concept being published. For defenders, that means the realistic patch window for a publicly exploited vulnerability in an internet-facing management product is days, not weeks.
Chinese APT groups have traditionally had a reputation for government and corporate espionage conducted largely for intelligence purposes. It appears that Chinese state authorities are now turning a blind eye to financially motivated groups, so long as those groups also perform operations on behalf of the Party in between their own criminal activity.