Security researcher says attacks on Russian government have Chinese fingerprints – and typos, too
An advanced persistent threat that Russia found inside government systems was too crude to have been the work of a Western nation, says security researcher Juan Andrés Guerrero-Saade of Sentinel Labs, before suggesting the malware came from a Chinese entity.
Russian telco and IT services provider Rostelecom and the nation's National Coordination Center for Computer Incidents, an arm of the Russian Federal Security Service, in May published a joint report that detailed their assessment of attacks on several Russian government entities detected in 2020.
The report said the attacks were made using malware named "Mail-O" and asserted that attackers used cloud storage services provided by Russian companies Yandex and Mail.ru Group.
"Misspellings are a true gift for malware researchers," Guerrero-Saade wrote.
TA428, he added, has a history of attacking Russian and south-east Asian targets and is credibly assessed as having Chinese origins.
Once it infects a machine, the malware downloads a payload and creates the "Entery" function, then downloads a third piece of software that the Russian report claims attempts to subvert email accounts and exfiltrate documents.
News URL: https://go.theregister.com/feed/www.theregister.com/2021/06/09/mail_o_malware_maybe_chinese/