Security News > 2024 > June > Chinese Cyberspies Employ Ransomware in Attacks for Diversion
Cyberespionage groups have been using ransomware to make attack attribution more challenging, to distract defenders, or to earn a financial reward as a secondary goal to data theft.
A joint report from SentinelLabs and Recorded Future analysts presents the case of ChamelGang, a suspected Chinese advanced persistent threat that has been using the CatB ransomware strain in attacks that impact high-profile organizations worldwide.
In the last stage of the attack, ChamelGang deployed CatB ransomware on the network, dropping ransom notes at the beginning of each encrypted file.
One reason for involving ransomware in cyberespionage attacks could be that it provides strategic and operational benefits that blur the lines between APT and cybercriminal activity, which can lead to incorrect attribution or serve as a means to conceal the data-collection nature of the operation.
Related news
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)
- Romanian energy supplier Electrica hit by ransomware attack (source)
- Ransomware attack hits leading heart surgery device maker (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- Starbucks, Supermarkets Targeted in Ransomware Attack (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Clop ransomware claims responsibility for Cleo data theft attacks (source)
- Rhode Island confirms data breach after Brain Cipher ransomware attack (source)