China sponsored hacker attacks on Russian government agencies

Hacker groups sponsored by the Chinese government were directly involved in the attacks on Russian government departments in 2020. These findings are contained in a study prepared by analysts at Group-IB.

The experts discovered familiar code fragments while working on a report by the National Coordination Center for Computer Incidents on last year's attacks targeting federal executive authorities. Similar tools and the attack model itself, which are unique, had been used before, which makes it possible to state unequivocally who is behind the attack.

In particular, the attackers used two versions of the Webdav-O Trojan (x64 and x86), which has been known for several years. On the victim's system it can disguise itself as Yandex services. Webdav-O has a structure similar to the popular BlueTraveller Trojan, which was developed by the Chinese hacker group TaskMasters. The attacks also used the malicious Mail-O software, which is associated with hackers from the TA428 group.
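The attribution above rests on code reuse: the same unique fragments and tool structure turning up in samples tied to a known group. The following is an added example, not Group-IB's analysis or any real Webdav-O, BlueTraveller or Mail-O code, that shows the simplest form of that check: byte n-gram overlap and longest shared fragment between constructed toy "samples". All byte strings, sample names and family labels here are constructed placeholders.

```python
# Toy code-reuse comparison for malware attribution (added illustrative example).
# The byte strings below are constructed stand-ins for binary samples; they are
# not real malware and carry no meaning beyond sharing one fragment.

SHARED_FRAGMENT = b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57\x8b\x7d\x08"  # constructed
SAMPLE_A = b"\x90\x90" + SHARED_FRAGMENT + b"\xe8\x00\x00\x00\x00\xc3"   # "unknown" sample
SAMPLE_B = b"\xcc\xcc\xcc" + SHARED_FRAGMENT + b"\x5f\x5e\x5b\xc9\xc3"   # reference, same lineage
SAMPLE_C = b"\x48\x89\x5c\x24\x08\x57\x48\x83\xec\x20\x8b\xd9\xe8\x00\x00\x00\x00"  # unrelated


def ngrams(data: bytes, n: int = 4) -> set:
    """Return the set of all overlapping n-byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the two samples' n-gram sets (0.0 .. 1.0)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga and not gb:
        return 0.0
    return len(ga & gb) / len(ga | gb)


def longest_shared_fragment(a: bytes, b: bytes) -> bytes:
    """Longest common byte substring via dynamic programming.

    O(len(a) * len(b)) memory-light variant; fine for toy inputs, not for
    whole binaries, where function-level hashing would be used instead.
    """
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def rank_by_similarity(unknown: bytes, known: dict, n: int = 4) -> list:
    """Rank labelled reference samples by n-gram overlap with an unknown sample."""
    scores = [(name, jaccard(unknown, blob, n)) for name, blob in known.items()]
    return sorted(scores, key=lambda s: s[1], reverse=True)


if __name__ == "__main__":
    references = {"family_x": SAMPLE_B, "unrelated": SAMPLE_C}
    for name, score in rank_by_similarity(SAMPLE_A, references):
        print(f"{name}: jaccard={score:.3f}")
    print("shared fragment with family_x:", longest_shared_fragment(SAMPLE_A, SAMPLE_B).hex())
```

The unrelated sample still scores above zero because it shares generic byte patterns (here a call with a zero displacement), which is why real attribution work normalises code before comparing, weights rare fragments over common ones, and corroborates with infrastructure and tooling overlap rather than relying on raw byte similarity alone.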

Both groups are sponsored by the Chinese government, according to Group-IB. TA428 has been known for eight years and specializes in attacks on government agencies in East Asia involved in IT development, domestic and foreign policy, and economic development. TaskMasters has been active for over a decade. The group attacks companies located around the world, but pays special attention to organizations from Russia and the CIS. Its targets include large industrial and energy enterprises, government agencies and transportation companies. The two groups are closely related and often use modified versions of each other's tools.

Earlier, Russian cybercriminals announced their readiness to oppose US operations in cyberspace. Members of the BlackMatter hacker group announced that they have replaced the Darkside and REvil groups and are ready to become the leaders of the darknet. The group says it carefully selects targets and does not plan attacks on critical infrastructure, so as not to attract too much attention.