Chinese hackers use the internet to spy

Two groups of Chinese hackers use the Internet to steal intellectual property from Japanese and Western companies. They use the deployment of ransomware to cover up their activities. According to experts, its use is made as a way to mask its tracks and create a distraction for those trying to discover its origin.

To find out more about this activity Chinese hackers cyber espionage, read the full article and learn more.

Read more: Anonymous hacker group declares "cyber war" on Russia.

Spying through ransomware activity

Two clusters of hacker activity analyzed by the company Secureworks were found. The clusters are “Bronze Riverside” (APT 41) and “Bronze Starlight” (APT10). Both use the HUI loader to deploy remote access trojans.

With that in mind, starting in March 2022, “Bronze Starlight” took advantage of one of these trojans to deploy numerous ransomware such as LockFile, AtomSilo, Rook, and Pandora. In these attacks, hackers used updated versions of the HUI Loader, capable of connecting calls Windows API and disable Event Tracing for Windows (ETW) and Antimalware Scan Interface functions (AMSI).

Despite attacks by hackers on companies, ransomware operations failed to significantly harm the company. Besides, they were all abandoned prematurely.

However, Securework's findings are very valid as they constitute why defenders should configure mechanisms robust ransomware detection and protection systems, as well as thoroughly inspecting all systems, even after cleaning.

Even though it is not clear why behind the development of these ransomware. Since they may have been created to hide other, even more serious, malicious activity, it wouldn't be the first time these devices have been used in this way.

Also in 2018, threat actors deployed disk wiping malware to hundreds of computers in a Chilean bank. In this way, they were able to distract employees while they were trying to steal money through the SWIFT financial transfer system.