China’s hackers spied on Russian and Belarusian facilities

China’s hackers spied on Russian and Belarusian facilities

Moscow, 24 . 5.2022

Chinese hackers have penetrated Russian and Belarusian defense facilities. The hackers used the intrusion to spy on the daily activities of the organizations.

The research facilities are working on developing high-tech defense solutions. The method used to attack the victims was spear phishing emails that contained malware and were distributed via files that tricked users into thinking they were opening classified information.

This facility belongs to a holding company within the Russian state defense conglomerate Rostec Corporation, Russia’s largest holding company for the radio electronics industry and military technology development.

The hacking campaign has been attributed to a Chinese actor with ties to Stone Panda (also known as APT10), a state-backed actor, and Mustang Panda, a China-based cyber espionage actor. This operation is believed to have begun in June 2021 and may be ongoing.

These hacker groups used new tools not previously described. These include a sophisticated multilayered loader and a backdoor called SPINNER. These tools have been in development since at least March 2021 and use techniques such as multilayered in-memory loaders and compiler-level obfuscation.