Decrypt LOL

Chinese Cyberespionage Tools Used in Ransomware Attack

🦠 Chinese Cyberespionage Tools Linked to Recent Ransomware Attack. A new report from Symantec reveals that tools commonly used by Chinese cyberespionage groups were employed in a recent ransomware attack, likely executed by an individual hacker. The attack utilized a Toshiba executable to sideload a malicious DLL, deploying the PlugX backdoor, previously associated with the Mustang Panda espionage group. Between July 2024 and January 2025, this backdoor was involved in espionage against various government entities in Southeastern Europe and Southeast Asia. The attacker also executed ransomware named RA World, exploiting a known firewall vulnerability and stealing credentials before encrypting data. Symantec suggests this unusual crossover into ransomware may indicate the hacker’s intent to profit from their employer’s toolkit, contrasting with typical espionage operations.
