Security News > 2021 > January > China's APT hackers move to ransomware attacks

Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China.

Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse.

Analyzing the attacks revealed malware samples linked to DRBControl, a campaign described earlier this year in a report from Trend Micro and attributed to APT27 and Winnti, both groups active since at least 2010 and associate with Chinese hackers.

The attacks against the five companies in the gambling sector were not particularly sophisticated and relied on known methods to evade detection and move laterally.

Daniel Bunce, Principal Security Analyst at Security Joes, told BleepingComputer that the key takeaway from these attacks is the involvement of a cyberespionage group in a financially-driven campaign.

Recently, another hacker group believed to work for a government has been linked to ransomware attacks.

News URL

https://www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/