Security News > 2022 > April > Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware

A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. "The war in Ukraine has prompted many countries to deploy their cyber capabilities to gain insight about global events, political machinations, and motivations," the cybersecurity firm said in a report shared with The Hacker News.

Chief among its tools is PlugX, a Windows backdoor that enables threat actors to execute a variety of commands on infected systems and which has been employed by several Chinese state-sponsored actors over the years.

"Targeting Russian-speaking users and European entities suggests that the threat actors have received updated tasking that reflects the changing intelligence collection requirements of the ," the researchers said.

The findings come weeks after another China-based nation-state group known as Nomad Panda was linked with medium confidence to attacks against defense and telecom sectors in South Asia by leveraging yet another version of PlugX dubbed Talisman.

"PlugX has been associated with various Chinese actors in recent years," Trellix noted last month.

"On the other hand, the alleged leak of the PlugX v1 builder, as reported by Airbus in 2015, indicates that not all occurrences of PlugX are necessarily tied to Chinese actors," the cybersecurity company added.

News URL

https://thehackernews.com/2022/04/chinese-hackers-targeting-russian.html