Security News > 2021 > January > Ransomware Attacks Linked to Chinese Cyberspies
China-linked cyber-espionage group APT27 is believed to have orchestrated recent ransomware attacks, including one where a legitimate Windows tool was used to encrypt the victim's files.
More recently the cyberspies appear to have switched to financially-motivated attacks.
The attack, boutique cybersecurity services company Profero explains in a detailed report, had similarities in code and TTPs with the DRBControl campaign that Trend Micro linked in early 2020 to Chinese APT groups APT27 and Winnti.
During their investigation of the ransomware attack, Security Joes and Profero researchers identified a backdoor they linked to DRBControl, as well as an ASPXSpy webshell, a PlugX sample, and Mimikatz.
Also unusual for a ransomware attack was the use of BitLocker, a local tool, instead of a ransomware family.
This does not appear to be a singular ransomware incident attributed to the Chinese hacking group: in late November 2020, Positive Technologies detailed an APT27 attack in which the Polar ransomware was used.
News URL
Related news
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M (source)
- Medusa ransomware group claims attack on UK's Gateshead Council (source)
- Ransomware attack forces Brit high school to shut doors (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
- Only 13% of organizations fully recover data after a ransomware attack (source)
- Ransomware attack at New York blood services provider – donors turned away during shortage crisis (source)
- Ransomware attack disrupts New York blood donation giant (source)