Security News > 2021 > August > Chinese Cyberspy Group APT31 Starts Targeting Russia
China-linked hacking group APT31 has been using new malware in recent attacks targeting Mongolia, Belarus, Canada, the United States, and - for the first time - Russia, according to enterprise cybersecurity firm Positive Technologies.
In July 2021, the group was officially accused of targeting vulnerabilities in Microsoft Exchange servers, on behalf of China, and France warned of APT31's continuous abuse of hacked routers in malicious attacks.
The group is believed to have launched at least 10 cyberattacks between January and July 2021, delivering a remote access Trojan and mainly targeting entities in Mongolia, Russia, Belarus, Canada, and the United States.
According to Positive Technologies, it's the first time this particular threat group has targeted Russia, and evidence suggests that at least some of the targets here were government organizations.
During their investigation into the hacking group's activities, Positive Technologies' security researchers discovered several versions of the dropper, including one that downloads all files from the command and control server.
"The revealed similarities with earlier versions of malicious samples described by researchers, such as in 2020, suggest that the group is expanding the geography of its interests to countries where its growing activity can be detected, Russia in particular. We believe that further instances will be revealed soon of this group being used in attacks," Positive Technologies concludes.