Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware
Post number #856620, ID: 47fc94
|
A China-linked government-sponsored threat actor, active since at least July 2018, has a history of conducting espionage operations by leveraging custom and publicly available tools to compromise, maintain long-term access, and collect data from targets of interest.
The fact that Russian officials have been targeted indicates that the threat actor is evolving its tactics in response to the political situation in Europe and the war in Ukraine.
Post number #856623, ID: 47fc94
|
Targeting Russian-speaking users suggests that the threat actors have received updated tasking that reflects the changing intelligence collection requirements of China.
The attack chain commences with a malicious executable named "Blagoveshchensk Border Detachment.exe" that masquerades as a seemingly legitimate document with a PDF icon.
"Blagoveshchensk is a Russian city close to the China border and is home to the 56th Blagoveshchenskiy Red Banner Border Guard Detachment."
Post number #856637, ID: a9d0bb
|
Source required.
Total number of posts: 3,
last modified on:
Tue Jan 1 00:00:00 1651196374