China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe
2023-08-01 09:01

A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems.

The attacks entailed the use of more than 15 distinct implants and their variants, broken down into three broad categories based on their ability to establish persistent remote access, gather sensitive information, and transmit the collected data to actor-controlled infrastructure.

"One of the implant types appeared to be a sophisticated modular malware, aimed at profiling removable drives and contaminating them with a worm to exfiltrate data from isolated, or air-gapped, networks of industrial organizations in Eastern Europe," Kaspersky said.

Also discovered is a third type of first-stage implant that makes use of Yandex Cloud for command-and-control, mirroring similar findings from Positive Technologies in August 2022 detailing APT31 attacks targeting Russian media and energy companies.

APT31 has also been observed utilizing dedicated implants for gathering local files as well as exfiltrating data from air-gapped systems by infecting removable drives.
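The article describes the air-gap exfiltration step only at a high level: removable drives are profiled and seeded with a worm that carries data off the isolated network. From a defender's side, the observable on an isolated host is a removable drive being mounted and then written to shortly afterwards. The following Python script is an added illustration, not code from the article or from Kaspersky's report, and it correlates two events that are commonly collected on Windows hosts: Security event 6416 (a new external device was recognised) and Sysmon event 11 (FileCreate). The log lines are constructed and heavily simplified, the drive letters treated as removable and the correlation window are assumptions, and a real deployment would read these fields from the actual event records rather than from this one-line format.

```python
"""Flag hosts where a removable drive receives writes soon after insertion.

Added example (not from the article or the vendor report). Log lines are
constructed and simplified to "timestamp host event_id detail"; real Windows
Security 6416 and Sysmon 11 records carry more fields. The correlation
window and the drive letters regarded as removable are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. HMI-01 mounts a flash disk and receives two writes
# within a minute; ENG-03 mounts a disk but is written to hours later;
# ENG-02 only writes to its local disk.
SAMPLE_LOG = """\
2023-07-10T08:00:02 HMI-01 6416 DeviceClass=USB DiskDrive Name=Generic Flash Disk
2023-07-10T08:00:41 HMI-01 11 TargetFilename=E:\\System Volume Information\\cache.db
2023-07-10T08:00:43 HMI-01 11 TargetFilename=E:\\docs\\report.pdf
2023-07-10T09:15:00 ENG-02 11 TargetFilename=C:\\Users\\op\\Desktop\\notes.txt
2023-07-10T10:30:12 ENG-03 6416 DeviceClass=USB DiskDrive Name=Kingston DataTraveler
2023-07-10T14:05:00 ENG-03 11 TargetFilename=E:\\backup\\old.zip
"""

WINDOW = timedelta(minutes=10)      # assumption: writes within 10 min of mount
REMOVABLE_DRIVES = ("E:", "F:")     # assumption: letters the site maps to removable media


def parse_line(line):
    """Split one constructed log line into (timestamp, host, event_id, detail)."""
    ts, host, event_id, detail = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, int(event_id), detail


def correlate(log_text, window=WINDOW):
    """Return [(host, [paths written])] for hosts that wrote to a removable
    drive within `window` of a removable-device insertion on the same host."""
    insertions = defaultdict(list)   # host -> [insertion timestamps]
    writes = defaultdict(list)       # host -> [(timestamp, path)]

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, eid, detail = parse_line(line)
        if eid == 6416 and "DiskDrive" in detail:
            insertions[host].append(ts)
        elif eid == 11 and detail.startswith("TargetFilename="):
            path = detail[len("TargetFilename="):]
            if path.upper().startswith(REMOVABLE_DRIVES):
                writes[host].append((ts, path))

    alerts = []
    for host, mount_times in insertions.items():
        hits = [
            path for ts, path in writes.get(host, [])
            if any(timedelta(0) <= ts - mounted <= window for mounted in mount_times)
        ]
        if hits:
            alerts.append((host, hits))
    return alerts


if __name__ == "__main__":
    for host, paths in correlate(SAMPLE_LOG):
        print(f"{host}: {len(paths)} file(s) written to removable media shortly after mount")
        for p in paths:
            print("   ", p)
```

On the sample data only HMI-01 is flagged; ENG-03's write falls outside the window and ENG-02 never touches removable media. On an industrial network that is supposed to be isolated, any hit from this rule is worth a look regardless of file names, since legitimate removable-media use there should already be rare and scheduled.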

While the aforementioned attack chains are expressly engineered for the Windows environment, there is evidence that APT31 has set its sights on Linux systems as well.
News URL

https://thehackernews.com/2023/08/chinas-apt31-suspected-in-attacks-on.html