Chinese Hackers Emperor Dragonfly Use Espionage Tools for Ransomware

Summary: A recent report reveals that the Chinese threat actor, Emperor Dragonfly, has shifted from cyber espionage to executing ransomware attacks, specifically targeting an Asian IT company with RA World ransomware. This operation included exploiting vulnerabilities and leveraging techniques previously linked to espionage campaigns. The motivations behind this shift remain unclear, with theories suggesting possible diversion tactics or insider involvement.

Affected: Asian IT Company

Key points:

  • Emperor Dragonfly, historically linked to cyber espionage, has adopted ransomware tactics, deploying RA World ransomware in a November 2024 attack.
  • The attack exploited CVE-2024-0012 in Palo Alto PAN-OS and involved exfiltrating Amazon S3 credentials prior to encryption.
  • There are competing theories regarding the motives behind this shift, suggesting either a diversionary tactic or insider exploitation for personal profit.

Source: https://securityonline.info/chinese-hackers-emperor-dragonfly-use-espionage-tools-for-ransomware/