Chinese hacking groups team up in cyber espionage campaign
Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace.
According to a report from cybersecurity company Sophos, the campaign relied on new malware variants and three different activity clusters that indicate a coordinated attack.
Sophos identified three activity clusters connected to known Chinese threat groups like "BackdoorDiplomacy," "REF5961," "Worok," "TA428," and the APT41 subgroup Earth Longzhi.
"Though we are currently unable to perform high-confidence attribution or confirm the nature of the relationship between these clusters, our current investigation suggests that the clusters reflect the work of separate actors tasked by a central authority with parallel objectives in pursuit of Chinese state interests" - Sophos.
Overall, the three clusters operated during standard Chinese work hours, breaking the period into three chunks that don't overlap, which indicates a high level of coordination.
Although high-confidence attribution and confirmation of the relationship between the three clusters are difficult, Sophos researchers believe that the detected activity represents "the work of separate actors tasked by a central authority with parallel objectives in pursuit of Chinese state interests."