Security News > 2022 > June > Chinese hackers use ransomware as decoy for cyber espionage

Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities.
Threat analysts from Secureworks say that the use of ransomware in espionage operations is done to obscure their tracks, make attribution harder, and create a powerful distraction for defenders.
The two clusters of hacking activity analyzed by Secureworks are "Bronze Riverside" and "Bronze Starlight", both using the HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike, and QuasarRAT. Starting in March 2022, "Bronze Starlight" leveraged Cobalt Strike to deploy ransomware strains such as LockFile, AtomSilo, Rook, Night Sky, and Pandora.
That said, "Bronze Starlight" might be creating short-lived ransomware strains only to mask its cyber-espionage operations as ransomware attacks, reducing the chances of dealing with the ramifications of accurate attribution.
Since all of the discussed ransomware strains are based on publicly available or leaked code, and Chinese threat groups are known for sharing backdoors and infrastructure, nothing can be said with certainty.
While it is unclear if these ransomware families were developed as decoys to hide other malicious activity, it would not be the first time ransomware was used this way.
News URL
Related news
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Chinese spies suspected of 'moonlighting' as tawdry ransomware crooks (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Chinese hackers abuse Microsoft APP-v tool to evade antivirus (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)