Security News > 2021 > January > China's APT hackers move to ransomware attacks
Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China.
Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse.
Analyzing the attacks revealed malware samples linked to DRBControl, a campaign described earlier this year in a report from Trend Micro and attributed to APT27 and Winnti, both groups active since at least 2010 and associate with Chinese hackers.
The attacks against the five companies in the gambling sector were not particularly sophisticated and relied on known methods to evade detection and move laterally.
Daniel Bunce, Principal Security Analyst at Security Joes, told BleepingComputer that the key takeaway from these attacks is the involvement of a cyberespionage group in a financially-driven campaign.
Recently, another hacker group believed to work for a government has been linked to ransomware attacks.
News URL
https://www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)