Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus
Security News, August 2021
An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020.
The latest research, published by the Singapore-headquartered company Group-IB, examines a piece of malware called "Webdav-O" that was detected in the intrusions. Webdav-O is a Trojan rather than a self-replicating virus; the firm observed similarities between the tool and the well-known Trojan "BlueTraveller," which is linked to a Chinese threat group called TaskMasters and has been deployed in espionage operations aimed at stealing confidential documents.
The report builds on a number of public disclosures in May from Solar JSOC and SentinelOne, both of which described a malware called "Mail-O" that was also observed in attacks against Russian federal executive authorities and that used the Mail.ru cloud service as its command-and-control channel. SentinelOne tied Mail-O to a variant of another well-known malware family called "PhantomNet" or "SManager," used by a threat actor dubbed TA428.
"The main goal of the hackers was to completely compromise the IT infrastructure and steal confidential information, including documents from closed segments and email correspondence of key federal executive authorities," Solar JSOC noted, adding that "Cybercriminals ensured themselves a high level of secrecy through the use of legitimate utilities, undetectable malware, and a deep understanding of the specifics of the work of information protection tools installed in government bodies."
"It is noteworthy that Chinese hacker groups actively exchange tools and infrastructure, but perhaps it is just the case here," the researchers said.
"Either both Chinese hacker groups attacked Russian federal executive authorities in 2020, or there is one united Chinese hacker group made up of different units."