{"id":24461,"date":"2022-06-24T08:36:41","date_gmt":"2022-06-24T12:36:41","guid":{"rendered":"https:\/\/www.technewsday.com\/?p=24461"},"modified":"2022-06-27T15:34:26","modified_gmt":"2022-06-27T19:34:26","slug":"chinese-groups-use-ransomware-as-lure-for-cyber-espionage","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/chinese-groups-use-ransomware-as-lure-for-cyber-espionage\/","title":{"rendered":"Chinese Groups Use Ransomware As Lure For Cyber Espionage"},"content":{"rendered":"<p id=\"arIndex_1\" data-ar-index=\"1\">Threat analysts from Secureworks have uncovered the activities of two Chinese hacking groups that use ransomware as a decoy for cyber espionage. Ransomware as a decoy allows attackers to cover their tracks, complicate attribution, and distract defenders.<\/p>\n<p id=\"arIndex_2\" data-ar-index=\"2\">The two clusters of hacker activity are &#8220;Bronze Riverside&#8221; (APT41) and &#8220;Bronze Starlight&#8221; (APT10). Both use the HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike and QuasarRAT.<\/p>\n<p id=\"arIndex_3\" data-ar-index=\"3\">It is unclear whether these ransomware families were developed as decoys to hide other malicious activities. Nothing is certain, because all the discussed ransomware strains are based on publicly available leaked code.<\/p>\n<p id=\"arIndex_4\" data-ar-index=\"4\">According to the researchers, &#8220;Bronze Starlight&#8221; may be creating short-lived ransomware strains just to disguise its cyber espionage operations as a ransomware attack. This is because the five ransomware strains (LockFile, AtomSilo, Rook, Night Sky and Pandora) used during attacks never posed a significant threat.<\/p>\n<p id=\"arIndex_5\" data-ar-index=\"5\">The cyber activities therefore serve as a reminder of the need to set up robust ransomware detection and protection mechanisms. 
Systems should also be thoroughly inspected post-cleanup.<\/p>\n<p id=\"arIndex_6\" data-ar-index=\"6\">The sources for this piece include an article in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chinese-hackers-use-ransomware-as-decoy-for-cyber-espionage\/\" target=\"_blank\" rel=\"noopener\">BleepingComputer<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat analysts from Secureworks have uncovered the activities of two Chinese hacking groups that use ransomware as a decoy for cyber espionage. Ransomware as a decoy allows attackers to cover their tracks, complicate attribution, and distract defenders. The two clusters of hacker activity are &#8220;Bronze Riverside&#8221; (APT41) and &#8220;Bronze Starlight&#8221; (APT10). Both use the HUI [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[34,57,16],"tags":[388,393],"class_list":["post-24461","post","type-post","status-publish","format-standard","hentry","category-artificial-intelligence","category-companies","category-security","tag-privacy-security","tag-security-strategies"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24461","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=24461"}],"version-history":[{"count":2,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24461\/revisions"}],"predecessor-version":[{"id":24463,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24
461\/revisions\/24463"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=24461"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=24461"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=24461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}