Chinese hacking groups team up in cyber espionage campaign (Security News, June 2024)
Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace.
According to a report from cybersecurity company Sophos, the campaign relied on new malware variants and three different activity clusters that indicate a coordinated attack.
Sophos connects the three clusters to known Chinese threat groups including "BackdoorDiplomacy," "REF5961," "Worok," "TA428," and the APT41 subgroup Earth Longzhi.
"Though we are currently unable to perform high-confidence attribution or confirm the nature of the relationship between these clusters, our current investigation suggests that the clusters reflect the work of separate actors tasked by a central authority with parallel objectives in pursuit of Chinese state interests," Sophos wrote.
The three clusters also operated in non-overlapping blocks within standard Chinese working hours, a division of the working day that Sophos reads as a sign of close coordination.
Related news
- Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'
- FBI confirms China-linked cyber espionage involving breached telecom providers
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign
- Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks
- Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage
- US sanctions Chinese firm for hacking firewalls in ransomware attacks