Beijing-backed attackers use ransomware as a decoy while they conduct espionage
2022-06-24 07:04

A state-sponsored Chinese threat actor has used ransomware as a distraction to help it conduct electronic espionage, according to security software vendor Secureworks.

Cybersecurity firm Secureworks asserts that ransomware is probably just a distraction from the true intent: cyber espionage.

"The ransomware could distract incident responders from identifying the threat actors' true intent and reduce the likelihood of attributing the malicious activity to a government-sponsored Chinese threat group," the company argues.

Secureworks offers its distraction theory after observing Bronze Starlight deploying different ransomware variants for short periods of time - unusual behaviour, as ransomware gangs generally don't change their attacks unless it's necessary to retain their potency.

The gang has changed its methods at least once, moving from "traditional ransomware", in which infections lead to a demand for payments, to a name-and-shame model in which the gang threatens to expose data if it is not paid.

Secureworks believes the group has infected 21 victims, 75 percent of which would be of interest to Beijing.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/24/ransomware_as_espionage_distraction/