The Cyber Security News

Chinese espionage group APT27 moves into ransomware

Researchers have discovered that the Chinese espionage group APT27 has moved into more financially motivated cybercrime, using ransomware to encrypt core servers at major gaming companies worldwide.

In a blog post released by Profero and Security Joes, researchers said the team first started following APT27 closely in early 2020, when they responded to the ransomware incident. During that investigation they found malware discovered by TrendMicro back in July 2019, which was linked to a campaign by APT27 and Winnti known as DRBControl. Both groups are linked to China.

The Profero/Security Joes report on the ransomware incidents found particularly strong links to APT27 in terms of code similarities and tactics, techniques and procedures. They said what stood out in this incident was the encryption of core servers using BitLocker, a drive encryption tool built into Windows. The technique was unusual, given that threat actors commonly drop the ransomware onto the machines as opposed to using local tools. What solidified their belief that APT27 had moved into financially motivated cybercrime was a report in April 2020 by Positive Technologies that found APT27 had also dropped the Polar ransomware on systems.

Austin Merritt, cyber threat intelligence analyst at Digital Shadows, said the extensive use of tooling that has historically been linked to Chinese threat actors indicates it is realistically possible that APT27 or Winnti could have been responsible for the ransomware activity outlined by the Profero/Security Joes report. Merritt added that other nation-state affiliated APTs such as TA505 (Russia) and Lazarus Group (North Korea) have used ransomware in the past.

“As lots of ransomware variants are deployed employing commodity malware variants, such as TrickBot and Emotet, it’s usually challenging to pinpoint attribution to just one precise APT,” Merritt stated. “Given the prominence of ransomware across the threat landscape, it is very likely that financially motivated nation-state threat actors will use ransomware in potential attacks.”


Some parts of this article are sourced from:
www.scmagazine.com
