Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job

Summary: A recent report by Symantec reveals that tools used by Chinese cyberespionage groups were deployed in a ransomware attack, likely executed by a single hacker. The attack involved sideloading a malicious DLL via a Toshiba executable to deploy the PlugX backdoor alongside ransomware known as RA World. This incident is notable because it diverges from the typical operations of Chinese espionage groups, suggesting insider involvement and potential links to the advanced persistent threat actor Bronze Starlight.

Affected: Various governmental and telecom organizations in Southeastern Europe and Southeast Asia, as well as a medium-sized software company in South Asia.

Key points:

  • The ransomware attack used tools associated with Chinese cyberespionage, specifically the PlugX backdoor.
  • The attacker reportedly gained access via a known firewall vulnerability and exfiltrated sensitive data before deploying ransomware.
  • This incident marks a rare case of a Chinese espionage tool being used for ransomware, potentially indicating the involvement of an insider.
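The summary describes the classic DLL sideloading pattern: a legitimate signed executable (a Toshiba binary, in the report) is placed next to a malicious DLL that it loads by name, which then unpacks PlugX. The following is an added detection example, not code from Symantec or from the original article: it parses constructed image-load records (a simplified, pipe-delimited stand-in for Sysmon Event ID 7 fields) and flags a signed host process loading an unsigned DLL from its own directory outside the usual program locations. The executable and DLL names in the sample log are placeholders, not indicators from the report, and the trusted-directory allowlist is an assumption to tune per environment.

```python
"""Heuristic detection of DLL sideloading over image-load telemetry (added example)."""
from dataclasses import dataclass

# Directories where a signed binary is expected to resolve its DLLs.
# Constructed allowlist for this example; extend it for the environment.
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass
class ImageLoad:
    process_image: str    # full path of the process that loaded the module
    process_signed: bool  # whether the process binary carries a valid signature
    loaded_image: str     # full path of the module that was loaded
    loaded_signed: bool   # whether the loaded module carries a valid signature


def parse_event(line: str) -> ImageLoad:
    """Parse one constructed record: Image=...|Signed=...|ImageLoaded=...|LoadedSigned=..."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return ImageLoad(
        process_image=fields["Image"],
        process_signed=fields["Signed"].lower() == "true",
        loaded_image=fields["ImageLoaded"],
        loaded_signed=fields["LoadedSigned"].lower() == "true",
    )


def directory_of(path: str) -> str:
    """Lower-cased parent directory of a Windows path, with trailing backslash."""
    return path.lower().rsplit("\\", 1)[0] + "\\"


def is_suspicious_sideload(ev: ImageLoad) -> bool:
    """True when a signed process loads an unsigned DLL from its own, untrusted directory."""
    if not ev.loaded_image.lower().endswith(".dll"):
        return False
    if not ev.process_signed or ev.loaded_signed:
        return False  # only signed hosts loading unsigned code fit the sideloading pattern
    dll_dir = directory_of(ev.loaded_image)
    if dll_dir.startswith(TRUSTED_DIRS):
        return False  # normal install locations are out of scope for this heuristic
    return dll_dir == directory_of(ev.process_image)


def find_sideloads(log_text: str) -> list:
    """Return the events in log_text that match the sideloading heuristic."""
    events = (parse_event(line) for line in log_text.strip().splitlines())
    return [ev for ev in events if is_suspicious_sideload(ev)]


# Constructed sample telemetry: the first record is the suspicious one, the rest are benign
# (installed in Program Files, a system DLL, and an unsigned host that the rule ignores).
SAMPLE_LOG = r"""
Image=C:\Users\alice\AppData\Local\Temp\vendor\VendorTool.exe|Signed=true|ImageLoaded=C:\Users\alice\AppData\Local\Temp\vendor\support.dll|LoadedSigned=false
Image=C:\Program Files\VendorSuite\VendorTool.exe|Signed=true|ImageLoaded=C:\Program Files\VendorSuite\support.dll|LoadedSigned=false
Image=C:\Windows\System32\svchost.exe|Signed=true|ImageLoaded=C:\Windows\System32\ntdll.dll|LoadedSigned=true
Image=C:\Users\alice\Downloads\unsigned.exe|Signed=false|ImageLoaded=C:\Users\alice\Downloads\plugin.dll|LoadedSigned=false
"""

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_LOG):
        print(f"possible sideload: {hit.process_image} -> {hit.loaded_image}")
```

The heuristic deliberately ignores unsigned host processes and DLLs under standard install paths, so it produces few alerts on its own; in practice it is one signal to combine with others (a vendor binary running from a user-writable or temp directory, subsequent outbound connections from that process) rather than a standalone verdict.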

Source: https://www.securityweek.com/chinese-cyberspy-possibly-launching-ransomware-attacks-as-side-job/