Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers
2022-10-03 12:56

The recently discovered Linux-based ransomware strain known as Cheerscrypt has been attributed to a Chinese cyber espionage group known for operating short-lived ransomware schemes.

"This reinforces claims that the 'Emperor Dragonfly' ransomware operators are based in China."

The use of Cheerscrypt is the latest addition to a long list of ransomware families previously deployed by the group in a little over a year, including LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0.

Interestingly, the ransomware overlaps with the Linux version of the Babuk ransomware, whose source code was leaked in September 2021 and which also forms the basis of Emperor Dragonfly's Rook, Night Sky, and Pandora families.

The threat actor's modus operandi further stands out for its handling of all stages of the ransomware attack lifecycle, right from initial access to ransomware deployment, without relying on affiliates and access brokers.

"Emperor Dragonfly is a China-based ransomware operator, making it a rarity in today's threat landscape," researchers said, adding "a single threat actor conducted the entire operation."


News URL

https://thehackernews.com/2022/10/researchers-link-cheerscrypt-linux.html