How Chinese Hacking Groups Target Russia


Reports From Group IB, Positive Technologies Offer Details

Researchers at Group-IB say Chinese threat actors apparently were responsible for an attack on Russian federal executive authorities in 2020.

Meanwhile, Positive Technologies reports that the Chinese hacking group APT31 is now using a new dropper to deliver malware to Russian systems.

Group-IB’s Findings

Researchers at Group-IB say the perpetrators of an attack on Russian authorities last year appear to be either the Chinese state-sponsored hacker groups TA428 or TaskMasters, or a single Chinese hacking group made up of several distinct units.

TA428, operational since 2013, targets government agencies in East Asia responsible for information technology, domestic and foreign policy and economic development, Group-IB says. TaskMasters, active since at least 2010, attacks industrial and energy enterprises, government agencies and transport companies, primarily in Russia and the Commonwealth of Independent States (the former Soviet republics).

The specific variant of the malware used in the 2020 attacks in Russia, a Webdav-O x64 Trojan, has been active since at least 2018, Group-IB says. The Webdav-O malware has a command set similar to that of the BlueTraveller Trojan, aka RemShell, which was previously attributed to China's TaskMasters group.

SentinelOne in June reported Mail-O malware was being used to attack Russian authorities. Mail-O has been linked to…