Security News > 2022 > June > Chinese hackers use ransomware as decoy for cyber espionage
Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities.
Threat analysts from Secureworks say that the use of ransomware in espionage operations is done to obscure their tracks, make attribution harder, and create a powerful distraction for defenders.
The two clusters of hacking activity analyzed by Secureworks are "Bronze Riverside" and "Bronze Starlight", both using the HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike, and QuasarRAT. Starting in March 2022, "Bronze Starlight" leveraged Cobalt Strike to deploy ransomware strains such as LockFile, AtomSilo, Rook, Night Sky, and Pandora.
That said, "Bronze Starlight" might be creating short-lived ransomware strains only to mask its cyber-espionage operations as ransomware attacks, reducing the chances of dealing with the ramifications of accurate attribution.
Since all of the discussed ransomware strains are based on publicly available or leaked code, and Chinese threat groups are known for sharing backdoors and infrastructure, nothing can be said with certainty.
While it is unclear if these ransomware families were developed as decoys to hide other malicious activity, it would not be the first time ransomware was used this way.
News URL
Related news
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)