Chinese Cyber Espionage Group Linked to Ransomware Attack
/ 1 min read
🕵️♂️💻 Chinese Cyber Espionage Group Linked to Ransomware Attack on Asian Software Firm. A November 2024 ransomware attack on an unnamed Asian software company utilized a malicious toolset previously associated with China-based cyber espionage groups, suggesting a potential shift in tactics. The attack involved exploiting a known vulnerability in Palo Alto Networks PAN-OS, leading to the deployment of PlugX malware before encrypting the company’s data with RA World ransomware. Symantec’s report indicates that this dual approach of espionage and financial gain may be the work of a lone actor, a rare occurrence in the Chinese hacking landscape. Meanwhile, the Salt Typhoon group has been linked to cyber attacks targeting multiple telecommunications providers by exploiting vulnerabilities in Cisco devices, emphasizing the ongoing threat posed by state-sponsored hacking.
