Researchers Analyze Chinese Malware Used Against Russian Government
2021-08-05 10:59

At least two Chinese cyberespionage groups targeted Russian federal executive authorities in 2020, security researchers with threat hunting and intelligence firm Group-IB reveal.

An in-depth analysis of the employed malware families suggests that Chinese hacker groups TA428 and TaskMasters were behind a series of attacks that targeted Russian government agencies in 2020, Group-IB says.

As part of last year's attacks against Russian authorities, the Chinese hackers used malware families Webdav-O and Mail-O to gain remote access to targeted systems and exfiltrate data of interest.

During their investigation into the attacks, Group-IB's security researchers discovered code similarities between Webdav-O and the BlueTraveller Trojan, which eventually led them to the conclusion that TaskMasters might have used the malware in the 2020 attacks.

The security researchers also note that some of the 2020 attacks against the Russian government might have been conducted by TA428, especially with Mail-O believed to be part of this group's portfolio and with Webdav-O being linked to BlueTraveller, which is in turn linked to TA428's Albaniiutas.

The researchers also note that evidence suggests that a large hacking group consisting of intelligence units of the People's Liberation Army of China might be operating out of the country, with the various Chinese APT groups tracked by threat intelligence organizations being nothing more than subgroups.
News URL

http://feedproxy.google.com/~r/securityweek/~3/4HHFqAtLHSw/researchers-analyze-chinese-malware-used-against-russian-government