Chinese APTs Use Ransomware as Decoy for Espionage

From cyware.com

Two APT groups from China are carrying out cyber espionage and stealing intellectual property from Western and Japanese firms. While doing so, they are deploying ransomware as a decoy to cover their activities.

The campaign

Researchers from Secureworks spotted two hacking clusters, tracked as APT41 and APT10, using HUI Loader to deploy QuasarRAT, PlugX, and Cobalt Strike.

  • APT41 is focused on stealing intellectual property from Japanese firms, while APT10 has been targeting global organizations.
  • Both groups were propagating short-lived ransomware to disguise their espionage as financially motivated attacks, which hinders accurate attribution and distracts defenders.
