this post was submitted on 17 Feb 2025
7 points (100.0% liked)
Cybersecurity
'tools typically associated with China-based intelligence operations were used in a ransomware attack'
raising questions about precedents: has this toolset been used by actors other than China before? "typically" is a funny word here, and "China-based" means very little in the way of incrimination.
"While such tools, often used in espionage attacks, are shared among threat actors, many are not publicly available"
"However, this espionage-linked attacker shifted from spy tactics to ransomware"
a burglar cases a joint: <-- espionage, burglar enters building <--- shifts from spy tactics to burglary, . . .
To execute the attack, threat actors utilized a known espionage tool - a Toshiba executable (toshdpdb.exe) used to sideload a malicious DLL named toshdpapi.dll. This component decrypted and loaded a "variant" of the PlugX backdoor, a tool exclusively linked to Chinese state-affiliated hackers.
variant of a Chinese-exclusive tool. could it be intentional misdirection? there's certainly a healthy appetite to undermine China in the west.