When Allies Attack: Chinese Hackers APT31 & APT27 Target Russian Systems in EastWind Cyber Offensive
Chinese hacker groups APT31 and APT27 are wreaking havoc on Russian systems in the latest cyberespionage campaign, EastWind. Using a revamped CloudSorcerer backdoor, the attackers rely on phishing emails and DLL side-loading to drop malware such as GrewApacha and PlugY. Kaspersky’s findings underscore the complex cyber…

Hot Take:
So, it turns out that while Russia and China might be BFFs on the world stage, their hackers are frenemies in the digital underworld. Nothing says “I value our relationship” quite like a good old-fashioned cyberespionage campaign. Who needs soap operas when you’ve got international cyber drama?
Key Points:
- Chinese hacker groups APT31 and APT27 are behind the “EastWind” cyberattacks targeting Russian government and IT systems.
- The campaign uses an updated CloudSorcerer backdoor, also seen in attacks on U.S. entities.
- Phishing emails with RAR attachments are the main infection vector.
- Kaspersky identified multiple malware tools, including GrewApacha, CloudSorcerer, and the new PlugY backdoor.
- Detection is tricky due to varied backdoors and sophisticated evasion techniques.
