Chinese Groups Use Ransomware As Lure For Cyber Espionage

Threat analysts from Secureworks have uncovered the activities of two Chinese hacking groups that use ransomware as a decoy for cyber espionage. Ransomware as a decoy allows attackers to cover their tracks, complicate attribution, and distract defenders.

The two cluster of hacker activities are “Bronze Riverside” (APT41), and “Bronze Starlight” (APT10). Both use the HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike and QuasarRAT.

It is unclear whether these ransomware families were developed as decoys to hide other malicious activities. Nothing is certain, because all the discussed ransomware strains are based on publicly available leaked codes.

According to the researchers, “Bronze Starlight” may be creating short-lived ransomware strains just to disguise its cyber espionage operations as a ransomware attack. This is because the five ransomware strains (LockFile, AtomSilo, Rook, Night Sky and Pandora) used during attacks never posed a significant threat.

The cyber activities therefore serve as a reminder of the need to set up robust ransomware detection and protection mechanisms. Systems should also be thoroughly inspected post-cleanup.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web