Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware

| A China-linked government-sponsored threat actor, active since at least July 2018, has a history of conducting espionage operations by leveraging custom and publicly available tools to compromise, maintain long-term access, and collect data from targets of interest.

The fact that Russian officials have been targeted indicates that the threat actor is evolving its tactics in response to the political situation in Europe and the war in Ukraine.

| Targeting Russian-speaking users suggests that the threat actors have received updated tasking that reflects the changing intelligence collection requirements of China.

The attack chain commences with a malicious executable named "Blagoveshchensk Border Detachment.exe" that masquerades as a seemingly legitimate document with a PDF icon.

"Blagoveshchensk is a Russian city close to the China border and is home to the 56th Blagoveshchenskiy Red Banner Border Guard Detachment.

| Source required.

Total number of posts: 3, last modified on: Tue Jan 1 00:00:00 1651196374

This thread is closed.