China-linked cyber-spies infect Russian govt, IT sector
2024-08-15 02:50

Cyber-spies suspected of connections with China have infected "dozens" of computers belonging to Russian government agencies and IT providers with backdoors and trojans since late July, according to Kaspersky.

The Russia-based security biz claimed the malware used in the ongoing, targeted attacks - dubbed EastWind - has links to two China-nexus groups tracked as APT27 and APT31.

After gaining initial access to their victims' devices via phishing emails, the attackers used various cloud services and sites including GitHub, Dropbox, Quora, LiveJournal, and Yandex.

The malware includes a trojan - previously linked to APT31 during 2021 and 2023 campaigns - that Kaspersky named "GrewApacha."

In addition to the GrewApacha trojan, the attackers downloaded the CloudSorcerer backdoor.

CloudSorcerer, while deployed against Russian organizations in this particular campaign, was also spotted in a late May attack against a US-based org, according to Proofpoint.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/08/15/suspected_chinese_attackers_hacked_russia/