Ransomware Attacks Linked to Chinese Cyberspies (January 2021)
China-linked cyber-espionage group APT27 is believed to have orchestrated recent ransomware attacks, including one where a legitimate Windows tool was used to encrypt the victim's files.
More recently, the cyberspies appear to have switched to financially motivated attacks.
The attack, boutique cybersecurity services company Profero explains in a detailed report, had similarities in code and TTPs with the DRBControl campaign that Trend Micro linked in early 2020 to Chinese APT groups APT27 and Winnti.
During their investigation of the ransomware attack, Security Joes and Profero researchers identified a backdoor they linked to DRBControl, as well as an ASPXSpy webshell, a PlugX sample, and Mimikatz.
Also unusual for a ransomware attack was the use of BitLocker, a local tool, instead of a ransomware family.
This does not appear to be a singular ransomware incident attributed to the Chinese hacking group: in late November 2020, Positive Technologies detailed an APT27 attack in which the Polar ransomware was used.