Subj : Cybercriminals linked to China are going after Russian targets
To : All
From : TechnologyDaily
Date : Thu Aug 15 2024 12:30:05

Cybercriminals linked to China are going after Russian targets
Date: Thu, 15 Aug 2024 11:23:00 +0000
Description: Kaspersky finds multiple malware variants, all seemingly developed by Chinese hackers.

FULL STORY
======================================================================

It would seem China and Russia aren't exactly allies when it comes to cyberspace, as the latter has apparently spotted malware associated with the former on devices belonging to its government and IT providers.

Cybersecurity researchers from Kaspersky claim that since late July they have spotted dozens of infected computers, all compromised in a campaign they called EastWind. The malware samples obtained in their analysis appear to have been developed by two China-nexus groups, APT27 and APT31.

Kaspersky said the initial compromise was achieved via phishing emails. The crooks would send emails with two attachments, one legitimate and one malicious. The latter would communicate with Dropbox, GitHub, Quora, LiveJournal, and Yandex.Disk, which the threat actors used as a command and control (C2) server of sorts.

Multiple payloads

Through these cloud services, the hackers would instruct the malware to download stage-two payloads, including a trojan called GrewApacha and a backdoor called CloudSorcerer. The latter was also spotted in attacks against American organizations in late May 2024, The Register reports.

Furthermore, CloudSorcerer was used to download a previously unseen implant dubbed PlugY, which can manipulate files, run shell commands, log keystrokes, monitor screens, edit clipboard contents, and more.

"Analysis of the implant is still ongoing, but we can conclude with a high degree of confidence that the code of the DRBControl (aka Clambling) backdoor was used to develop it," Kaspersky said in its report. DRBControl was apparently developed by APT27.
Since the malware used in the EastWind campaign was similar to variants used by both APT27 and APT29, Kaspersky believes this clearly shows how Chinese state-sponsored actors "very often team up, actively sharing knowledge and tools."

On the surface, China and Russia often act as allies, supporting each other's political and military aspirations. China, for example, supports Russia's invasion of Ukraine, while Russia repeats China's statements of one China - a term used to deny Taiwan's sovereignty and territorial integrity. However, when it comes to the fight for information, it would seem that there are no alliances.

======================================================================
Link to news story: https://www.techradar.com/pro/security/cybercriminals-linked-to-china-are-going-after-russian-targets

--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)