China’s hackers spied on Russian and Belarusian facilities
24 May 2022
Moscow, 24.5.2022
Chinese hackers have penetrated Russian and Belarusian defense facilities. The hackers used the intrusion to spy on the daily activities of the organizations.
The research facilities are working on developing high-tech defense solutions. The attackers used spear-phishing emails carrying malware in attachments that tricked recipients into believing they were opening classified information.
One of these facilities belongs to a holding company within the Russian state defense conglomerate Rostec Corporation, Russia's largest holding company for the radio-electronics industry and military technology development.
The hacking campaign has been attributed to a Chinese actor with ties to Stone Panda (also known as APT10), a state-backed actor, and to Mustang Panda, a China-based cyber-espionage actor. The operation is believed to have begun in June 2021 and may be ongoing.
These hacker groups used new tools not previously described. These include a sophisticated multilayered loader and a backdoor called SPINNER. These tools have been in development since at least March 2021 and use techniques such as multilayered in-memory loaders and compiler-level obfuscation.