FlagThis

CyberSecurity updates
2025-02-23 09:12:53 Pacfic
Pierluigi Paganini @ Malware Archives
Chinese Espionage Tools Used in RA World Attack - 6d
Read more: securityaffairs.com

Espionage tools typically associated with China-linked threat actors have been detected in a November 2024 RA World ransomware attack against an Asian software and services firm. According to reports, the attackers initially focused on cyberespionage, targeting a Southeastern European country's foreign ministry in July 2024 before setting their sights on the Asian firm. The compromise of the software company involved exploiting a Palo Alto Networks PAN-OS flaw and pilfering Amazon AWS S3 bucket data and credentials.

The attackers deployed a distinct toolset in the RA World attack which has previously been used by China-linked actors in classic espionage attacks, including a PlugX malware variant. The use of these tools, historically deployed for maintaining a persistent presence on targeted organizations and installing backdoors, marks a shift from traditional espionage activities focused on information gathering to financially motivated cybercrime, raising questions about whether espionage actors are diversifying their operations.

Original img attribution: https://securityaffairs.com/wp-content/uploads/2014/07/Chinese-hackers-espionage.jpg
ImgSrc: securityaffairs.com
References:
  • Information Security Buzz - Espionage actors linked to China may be diversifying their operations, as new evidence points to the use of espionage tools in a recent ransomware attack against a South Asian software and services co - 6d
  • Security Archives - Security Affairs - A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. - 6d
  • SCM feed for Threat Management - After initially focusing on cyberespionage in an attack against a Southeastern European country's foreign ministry in July, threat actors aimed to compromise the Asian firm by exploiting a Palo Alto N - 6d
  • Broadcom Software Blogs - Chinese state-sponsored hacking tools detected in recent RA World #ransomware attack. Possible moonlighting activity combines #APT and criminal tactics. - 6d

Classification:
  • HashTags: Ransomware Cyberespionage ChinaAPT
  • Company: Broadcom
  • Target: Asian software and services firm
  • Attacker: RA World
  • Product: PAN-OS, AWS S3
  • Feature: Exploitation of PAN-OS
  • Type: Ransomware
  • Severity: Major

This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.