China-Linked Hackers Could Be Behind Cyberattacks On Russian State Agencies, Researchers Say (therecord.media)

According to Kaspersky, hackers linked to Chinese threat actors have targeted Russian state agencies and tech companies in a campaign named EastWind. The Record reports: [T]he attackers used the GrewApacha remote access trojan (RAT), an unknown PlugY backdoor and an updated version of CloudSorcerer malware, which was previously used to spy on Russian organizations. The GrewApacha RAT has been used by the Beijing-linked hacking group APT31 since at least 2021, the researchers said, while PlugY shares many similarities with tools used by the suspected Chinese threat actor known as APT27.

According to Kaspersky, the hackers sent phishing emails containing malicious archives. In the first stage of the attack, they exploited a dynamic link library (DLL), commonly found in Windows computers, to collect information about the infected devices and load the additional malicious tools. While Kaspersky didn't explicitly attribute the recent attacks to APT31 or APT27, they highlighted links between the tools that were used. Although PlugY malware is still being analyzed, it is highly likely that it was developed using the DRBControl backdoor code, the researchers said. This backdoor was previously linked to APT27 and bears similarities to PlugX malware, another tool typically used by hackers based in China.

  • They make claims like this as if Vault7 doesn't exist.

    • by rapjr ( 732628 )
      and now the genie will never be put back in the bottle. The cost of cybersecurity will grow until it threatens to destroy the world, and then technology will become primitive again.
      • Re: (Score:2, Insightful)

        Well, I do not think the US normalized this. Everyone was busy doing this. The US of course just wanted to show off and wanted to be greater than everyone else. Not sure if cybersecurity is the one that kills the world. There are a lot of other contenders there. Slashdot commenters grouping up and installing a tech-tatorship is one of them. But that falls under the category of cybersecurity, I guess.
        We survived with pen and paper for a few dozen decades. The games are a bit more boring and the graphics suck,
        • by gtall ( 79522 )

          The U.S. just wanted to show off? The spooks don't usually show off; it sort of defeats their purpose.

          • It is so hardwired in US DNA that they can't help themselves. The greatest data collection on internet users in history! Then there was the greatest whistleblower, and I can keep on going.
            (Don't take this too serious)
          • Comment removed based on user account deletion
      • by jd ( 1658 )

        You're largely right, but it is possible to massively raise the difficulty level.

        This would require a few changes to how things are done.

        For example, it would be necessary to develop a strong but appropriate lemon law for software and CPUs/GPUs, along with a far more effective system+organisation for testing, evaluating, and certifying software and processors, not just for security but also for robustness and reliability.

        (Because this'll necessitate linking against debugging libraries, particularly debuggin

  • Are the next steps "invade nearby country under de facto protection of Russia if the impression that Russia isn't in a place to defend that country is given"?
    • Yes, China can take over everything east of Ural (most likely without firing a single shot). The west will be "very concerned", but will do nothing to stop it. The local population will be indifferent or even cheer the change (at least initially).
      • by gtall ( 79522 )

        More to the point, there is nothing the West could do to stop it. China is making headway with the 'stans, and they would indeed initially welcome it. Eventually, they'll figure out what the African countries are learning, China through its CCP is merely a bloodsucking leech.

        • >Eventually, they'll figure out what the African countries are learning, China through its CCP is merely a bloodsucking leech.

          To be fair, so far China's been a bit kinder to African nations than the British Empire or the US. So far.

  • by Kernel Kurtz ( 182424 ) on Thursday August 15, 2024 @09:45PM (#64710286)
    I see no problem with Chinese sponsored groups launching cyber attacks on Russia and have no doubt the reverse is happening as well. They both really deserve each other.
    • I think it is at least a ménage à trois. Gross.
    • You haven't considered the possibility that it's a false flag operation, made relatively easy to detect so it makes embarrassing headlines?
    • by jd ( 1658 )

      It's the same problem as with any other non-discriminatory weapon. Someone you don't like being hit today is no guarantee you won't be hit tomorrow.

      Indeed, as slow data corruption is a common technique, you can't be sure you're not already a dead victim who just doesn't know it yet.

      • >Someone you don't like being hit today is no guarantee you won't be hit tomorrow.

        Never said it did. Spreading their resources around is still better than concentrating them all on us.

  • by Big Hairy Gorilla ( 9839972 ) on Thursday August 15, 2024 @10:22PM (#64710314)
    when he said "a friendship with no limits".
  • I don't think there is any way to even know if a hacker is a state actor, much less identify which state.
    • >I don't think there is any way to even know if a hacker is a state actor, much less identify which state.

      You know by their choice of target, the difficulty of what they've done (especially if it requires physical access and/or detailed site-specific knowledge), and whether they are under legitimate threat of arrest where they live.

      Then of course there's the old fashioned spying where you simply learn about a hacking group from someone who knows and is either directly reporting to you or is monitored by

      • we just go by what our intelligence agencies and security experts (who may be influenced by our intelligence agencies) tell us through the media.

        I don't think any of those are reliable sources. The reality is the claims these are state actors are mostly self-serving for intelligence agencies. If they were common criminals they wouldn't really have a role, it would be a law enforcement problem.

    • Yeah, a state actor that wants to sour diplomatic relations between two super powers for financial &/or political gain would leave particular "clues" in the attacks to point the finger in one direction or another. Also, make it easy enough to detect & identify so that it makes headlines. You know, the threat actors who want us to believe that, "All's fair in love and war."

      Then again, the USA got caught doing the same thing to its "allies" in the EU & the UN.
    • by jd ( 1658 )

      My impression is that certain groups tend to use a common set of tools and are known, through conventional espionage, to be receiving funding or other state assistance. It's then assumed that the state is effectively controlling that group.

    • by jonadab ( 583620 )
      It's certainly not like in the movies, where as soon as somebody hacks into your computer, your security guru instantly starts furiously typing and says something like "It's my old nemesis, he's got into our mainframe somehow. I'll see if I can hold him off..."

      In the real world, it's more like you execute a series of warrants and usually the trail is cold before you can get all that done, but occasionally you get lucky and are able to actually trace the attack back to an IP address, and then you have to id
  • Interesting (Score:4, Insightful)

    by Baron_Yam ( 643147 ) on Thursday August 15, 2024 @11:47PM (#64710400)

    So a security group under Putin's control is accusing China of cyber warfare against Russia.

    That's interesting, because we do know that in Russia's sanction-weakened state that China's taking the opportunity to slowly turn Russia into a vassal state for the natural resources. Putin's not that stupid, and it's what he'd do in their place so he has to know it's happening... he's cornered himself to where letting China bleed him slowly is preferable to letting the world suffocate him quickly.

    So is this announcement Putin's paranoia and fear making him question that deal and starting to break from China?

    • by PPH ( 736903 )

      >and starting to break from China?

      Let's just hope it doesn't result in another Red Star Rogue [wikipedia.org] plot.

    • by gtall ( 79522 )

      Putin is not that stupid? Believing his own spooks, he invaded Ukraine declaring it not a real country, thus turning a country into a real country that is hell bent on defeating him. Using his Kleptocrats to run his own country into the ground also counts as stupid. Getting into bed with a neighbor who could eat Russia for lunch is also stupid.

      • I don't think he's a genius, and I fully believe it is stupid to bleed the economy and torch the world around you for temporary personal enrichment, but this kind of basic strategy doesn't exactly require genius to see.

        As I said, given the opportunity it's exactly what he'd do to someone else. That's why I would expect him to perceive this as the same thing being done to Russia.

        • Russians, explicitly Moscovites, spend so much time playing verbal chess they forget words are not actions, and unless you are a chiseled god like Ivan Drago, eventually some poor fucker has to take a muddy hill with no airpower. That soldier slogging through the marshes has never been someone from Moscow or St. Petersburg. That dude is the guy on the box making speeches 500km away.
    • by Junta ( 36770 )

      Note they don't say "state actor" or "cyber warfare". They say the campaign resembles other campaigns by people in China. They make no assertion that the government is involved, or that it is 'warfare'.

  • You're actually submitting a story from a no-name website that cites Kaspersky as its source? Whatever the motivational logic of the claims, these are not credible sources of information. They don't become credible simply because they contrast with apparent postures. Non-credibility = zero informational value to us, the public, even if it may inform some higher-level analysis.
    • Comment removed based on user account deletion
      • Apparently I have a fan club. Tell you what: Introduce me to your wife and I'll give you an autograph. On her.
      • Alright, I'll sweeten the pot: Introduce me to your wife and I'll let you raise the kids we end up having. I'll even let you pay their college tuition, but only because we're friends.
  • Rather than reply to all the nonsense here individually, here is one big post:
    1. Of course PlugY is real, just as PlugX was real. Doh.
    2. We spy on allies and they spy on us; it's all part of the game. Doh.
    3. Regardless of what you think about Kaspersky, they do know what they are doing. Doh.
    4. Of course we can attribute; just because you can't does not make it unreal.
