Two APT groups from China are carrying out cyber espionage and stealing intellectual property from Western and Japanese firms. While doing so, they are deploying ransomware as a decoy to cover their activities.
Researchers from Secureworks spotted two hacking clusters, tracked as APT41 and APT10, using HUI Loader to deploy QuasarRAT, PlugX, and Cobalt Strike.
- APT41 is focused on stealing intellectual property from Japanese firms while APT10 has been targeting global organizations.
- Both groups were propagating short-lived ransomware to disguise their espionage activities as financially motivated attacks, which hinders accurate attribution and distracts defenders.