September 24, 2021

Cybersecurity researchers have discovered a ransomware campaign that draws on technologies used by nation-state hackers and cyberespionage.

This was revealed when cyber criminals tried to launch a ransomware attack against an unnamed company for product security testing. The attack was discovered and stopped, but gave the cybersecurity researchers at eSentire enough information to investigate the tactics, techniques and procedures used.

The attack methods used in the ransomware campaign were similar to techniques previously identified with government-supported Chinese hacking operations such as APT27 – also known as Emissary Panda.

eSentire said that the low quality of the Ransomware and the absence of identified Ransomware violations by these “Hello Ransomware,” together with the use of intrusion and reconnaissance methods of the attacks, raises questions of whether Ransomware is the true target of the perpetrators.

While this does not necessarily mean that the people behind the ransomware are working on behalf of China, it shows how cyber criminals can copy the techniques used by advanced government-backed hacking groups to spread malware.

Techniques used in the attempted attack in July include the use of SharePoint exploits and China Chopper, a clandestine remote access tool that provides a back door to compromised systems and is commonly distributed on web servers. China Chopper is commonly used by Chinese APT groups and is widely available and used by government-backed hackers and cyber criminals.

For more information, view the original story from ZDnet.