Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers
The recently discovered Linux-based ransomware strain known as Cheerscrypt has been attributed to a Chinese cyber espionage group known for operating short-lived ransomware schemes.
"This reinforces claims that the 'Emperor Dragonfly' ransomware operators are based in China."
The use of Cheerscrypt is the latest addition to a long list of ransomware families previously deployed by the group in a little over a year, including LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0.
Interestingly, the ransomware shares overlaps with the Linux version of the Babuk ransomware, which had its source code leaked in September 2021 and also forms the basis of Emperor Dragonfly's Rook, Night Sky, and Pandora families.
The threat actor's modus operandi further stands out for its handling of all stages of the ransomware attack lifecycle, right from initial access to ransomware deployment, without relying on affiliates and access brokers.
"Emperor Dragonfly is a China-based ransomware operator, making it a rarity in today's threat landscape," researchers said, adding "a single threat actor conducted the entire operation."
News URL
https://thehackernews.com/2022/10/researchers-link-cheerscrypt-linux.html