Chinese APT Group Linked to Ransomware Attacks


A well-known Chinese state-backed APT group is thought to have been responsible for multiple ransomware attacks on companies last year, according to new research.

A report from Security Joes and Pro reveals how the vendors uncovered the links after investigating an incident in which ransomware encrypted “several core servers” at an unnamed victim organization.

They found malware samples linked to the DRBControl campaign, which targeted major gaming companies and is associated with two well-known Chinese-backed groups, APT27 (aka Emissary Panda) and Winnti.



Specifically, they claimed to have detected an older version of the Clambling backdoor used in that campaign, an ASPXSpy webshell previously used by APT27, and the PlugX RAT, which is commonly used in Chinese attacks.

While Winnti is known for financially motivated attacks, APT27 is usually more focused on information theft. However, the latter has previously been linked to a single ransomware attack, featuring the Polar variant.

“There are extremely strong links to APT27 in terms of code similarities and TTPs,” the report noted. “This incident occurred at a time when COVID-19 was rampant across China with lockdowns being put into place, and therefore a switch to a financial focus would not be surprising.”

The attack itself does not appear to have been especially sophisticated.

The initial vector was a third-party service provider that had itself been infected by a third party, and the attackers used Windows' own BitLocker encryption tool to lock down the targeted servers.

ASPXSpy was deployed for lateral movement, and PlugX and Clambling were loaded into memory using a Google Updater executable vulnerable to DLL side-loading. The popular open source tool Mimikatz was also used in the attack, and a publicly available exploit for CVE-2017-0213 was used to escalate privileges.
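The three techniques in the paragraph above (BitLocker turned on by the attacker, a signed updater side-loading an unsigned DLL, and Mimikatz-style access to LSASS) all leave ordinary endpoint telemetry behind. The script below is an added illustration written for this article, not code from the Security Joes report or from any of the vendors named; it runs three hunting heuristics over a handful of constructed Sysmon-style events (the hostnames, paths, user names and the `SERVER_HOSTS` asset tag are all invented for the example) and returns a finding per matched event.

```python
"""Hunting heuristics for the TTPs described above, run over CONSTRUCTED
Sysmon-style events. Nothing here is telemetry from the actual incident."""
import ntpath
from dataclasses import dataclass

# Constructed sample events in a simplified Sysmon-like shape.
SAMPLE_EVENTS = [
    # Event ID 1 (process create): BitLocker enabled from a shell on a file server
    {"id": 1, "host": "FILESRV01", "image": r"C:\Windows\System32\manage-bde.exe",
     "cmdline": "manage-bde -on D: -RecoveryPassword", "user": r"CORP\svc_backup"},
    # Event ID 7 (image load): signed updater loading an unsigned DLL from its own folder
    {"id": 7, "host": "FILESRV01", "image": r"C:\Users\Public\GoogleUpdate.exe",
     "image_signed": True, "loaded": r"C:\Users\Public\goopdate.dll", "loaded_signed": False},
    # Event ID 7: the same updater in its normal install path loading its signed DLL (benign)
    {"id": 7, "host": "WKS-042", "image": r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
     "image_signed": True,
     "loaded": r"C:\Program Files (x86)\Google\Update\1.3.36.72\goopdate.dll", "loaded_signed": True},
    # Event ID 10 (process access): a binary outside System32 opening lsass with read rights
    {"id": 10, "host": "FILESRV01", "source": r"C:\Users\Public\m.exe",
     "target": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1010"},
    # Event ID 10: a system component touching lsass with a query-only mask (benign)
    {"id": 10, "host": "WKS-042", "source": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1400"},
]

# Assumption for the example: the asset inventory tags these hosts as servers.
SERVER_HOSTS = {"FILESRV01"}
# Access masks commonly seen when a process reads LSASS memory (VM_READ plus query rights).
LSASS_READ_MASKS = {"0x1010", "0x1410", "0x1038", "0x1fffff"}


@dataclass
class Finding:
    technique: str
    host: str
    detail: str


def _base(path: str) -> str:
    return ntpath.basename(path).lower()


def _dir(path: str) -> str:
    return ntpath.dirname(path).lower()


def check_bitlocker(ev):
    """manage-bde -on ... : BitLocker is a legitimate tool, so the finding is meant to be
    correlated with change records; on a server it is rated higher."""
    if ev["id"] == 1 and _base(ev["image"]) == "manage-bde.exe" \
            and " -on " in f' {ev["cmdline"].lower()} ':
        sev = "high" if ev["host"] in SERVER_HOSTS else "medium"
        return Finding("bitlocker-enablement", ev["host"], f'{sev}: {ev["user"]} ran "{ev["cmdline"]}"')
    return None


def check_sideload(ev):
    """A signed executable loading an unsigned DLL located in the executable's own
    directory is the classic shape of DLL side-loading."""
    if ev["id"] == 7 and ev["image_signed"] and not ev["loaded_signed"] \
            and _dir(ev["image"]) == _dir(ev["loaded"]):
        return Finding("dll-side-loading", ev["host"],
                       f'{ev["image"]} loaded unsigned {_base(ev["loaded"])} from its own folder')
    return None


def check_lsass(ev):
    """Read access to lsass.exe from a process that does not live under System32."""
    if ev["id"] == 10 and _base(ev["target"]) == "lsass.exe" \
            and ev["granted_access"].lower() in LSASS_READ_MASKS \
            and not _dir(ev["source"]).startswith(r"c:\windows\system32"):
        return Finding("lsass-memory-access", ev["host"],
                       f'{ev["source"]} opened lsass with {ev["granted_access"]}')
    return None


def hunt(events):
    """Run every heuristic over every event and collect the findings in event order."""
    findings = []
    for ev in events:
        for check in (check_bitlocker, check_sideload, check_lsass):
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.host}: {f.detail}")
```

The side-loading check deliberately keys on signer mismatch plus co-location rather than on the updater's file name, so it also catches the same trick with other signed hosts; the LSASS check is the noisiest of the three in practice and is usually tuned with an allow-list of EDR and backup agents.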

Gaming companies are an increasingly popular target among financially motivated attackers, according to new research published yesterday by Kela. The threat intelligence firm claimed to have discovered one million compromised internal accounts from gaming companies on the dark web, and 500,000 breached credentials belonging to employees.


Some sections of this article are sourced from: www.infosecurity-magazine.com
