Chinese APT groups disguise espionage as Extortion attack

image

Two Chinese hacker groups engaged in cyber espionage and stealing the intellectual property of Japanese and Western companies use ransomware as bait to conceal their malicious actions.

According to a Secureworks study, two groupings of Bronze Riverside (APT41)
and Bronze Starlight (APT10)
used HUI Loader for deployment remote access trojans ( Remote Access Trojans, RAT ) PlugX , Cobalt Strike and QuasarRAT .

Hackers used the new version in their campaigns HUI Loader, which is capable of intercepting Windows API calls and disabling Event Tracing for Windows functions
(ETW) and Antimalware Scan Interface (AMSI).

In addition, Bronze Starlight can create temporary strains of ransomware to masking its cyber espionage campaign under the attack of a ransomware program, reducing the chances of detection

Securework Experts recommended specialists should install reliable detection mechanisms and protection against ransomware, as well as carefully check all systems after cleaning.