Subscribe

Chinese Groups Use Ransomware As Lure For Cyber Espionage

June 24, 2022

Threat analysts from Secureworks have uncovered the activities of two Chinese hacking groups that use ransomware as a decoy for cyber espionage. Ransomware as a decoy allows attackers to cover their tracks, complicate attribution, and distract defenders.

The two cluster of hacker activities are “Bronze Riverside” (APT41), and “Bronze Starlight” (APT10). Both use the HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike and QuasarRAT.

It is unclear whether these ransomware families were developed as decoys to hide other malicious activities. Nothing is certain, because all the discussed ransomware strains are based on publicly available leaked codes.

According to the researchers, “Bronze Starlight” may be creating short-lived ransomware strains just to disguise its cyber espionage operations as a ransomware attack. This is because the five ransomware strains (LockFile, AtomSilo, Rook, Night Sky and Pandora0 used during attacks never posed a significant threat.

The cyber activities therefore serve as a reminder of the need to set up robust ransomware detection and protection mechanisms. Systems should also be thoroughly inspected post-cleanup.

The sources for this piece include an article in BleepingComputer.

Top Stories

OpenAI and Anthropic go head-to-head with same-day AI model launches

Wikipedia positions itself as a defence against AI slop

French prosecutors raid X offices as Grok investigation widens

TELUS, L-SPARK partner to give startups access to domestic AI compute   

Software shares drop as AI agents rattle investors

OpenAI looks beyond Nvidia for chip alternatives 

Related Articles

OpenAI and Anthropic go head-to-head with same-day AI model launches

February 6, 2026 The competition between OpenAI and Anthropic intensified this week after both companies unveiled new artificial intelligence models more...

French prosecutors raid X offices as Grok investigation widens

February 5, 2026 French authorities raided X’s Paris offices on Tuesday as part of a criminal investigation tied to the more...

TELUS, L-SPARK partner to give startups access to domestic AI compute   

February 5, 2026 TELUS is opening Canada’s first fully sovereign AI factory to startups and small businesses. The telecom giant more...

Researcher uncovers large-scale malware campaign hidden in AI bot marketplace

February 5, 2026 A security researcher at Koi named Oren Yomtov has uncovered a widespread malware operation embedded inside an more...

Picture of TND Newsdesk

TND Newsdesk

Picture of TND Newsdesk

TND Newsdesk

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.