China vs. Russia: The Cyber Cold War Heating Up

China and Russia may look like allies, but in cyberspace, they’re frenemies. Russian cybersecurity firm Kaspersky has uncovered malware linked to Chinese groups APT27 and APT31 on Russian government devices. The malware, spread via phishing emails, reveals a not-so-friendly cyber rivalry between the nations.


Hot Take:

Looks like Russia and China are frenemies in cyberspace, with Russia playing the “betrayed bestie” card after finding Chinese malware lurking in its digital backyard. It’s like a bad episode of a spy drama, but with fewer martinis and more phishing emails.

Key Points:

  • Kaspersky identified a campaign named EastWind, involving malware from China-nexus groups APT27 and APT31.
  • Initial compromise came via phishing emails carrying malicious attachments; the resulting implants used popular cloud services (Dropbox and GitHub) for C2 communication.
  • Stage two payloads included a trojan called GrewApacha and a backdoor named CloudSorcerer.
  • CloudSorcerer, previously seen in attacks against American organizations, was used here to deploy an implant called PlugY.
  • Despite political alliances, China and Russia appear to be in a digital “Game of Thrones” scenario, with no love lost in cyberspace.

EastWind Blowing Trouble

It seems that the winds of cyberspace are blowing from the East and bringing a storm of malware with them. Kaspersky’s boffins have uncovered a campaign dubbed EastWind, which sounds like a new age meditation retreat but is actually more sinister. Kaspersky links the tooling in this campaign to the Chinese hacking groups APT27 and APT31. Since late July, these digital troublemakers have been busy infiltrating Russian government and IT provider systems. Their weapon of choice? Good old-fashioned phishing emails, proving that classic tricks never go out of style.

Phishing for Dummies

The phishing emails in question come with a double whammy of attachments – one innocent, one not so much. The malicious attachment uses popular cloud services like Dropbox and GitHub for its Command & Control (C2) operations. Imagine finding a Trojan horse in your Dropbox – it’s like storing your secrets in a Trojan horse-shaped piñata. The appeal for the attacker is obvious: the C2 traffic is HTTPS to a reputable domain that half the company already talks to, so a domain blocklist won’t catch it and a defender has to look at which process is making the connection and how regularly it does so. The hackers behind this operation have a penchant for using these cloud platforms to download stage two payloads, including a trojan called GrewApacha and a backdoor named CloudSorcerer. CloudSorcerer isn’t just a cool name for a wizard; it’s also been spotted in attacks on American organizations, making it a global cyber superstar.
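Because Dropbox and GitHub traffic is expected on most corporate networks, the useful detection signal is not the destination alone but the process that reached it and the cadence of those connections. The Python script below is an added example written for this post; it is not code from Kaspersky’s EastWind report or from the original article. The log format, the cloud-service domain list, the process allowlist and the sample events are all constructed assumptions and would need tuning for a real environment.

```python
"""
Spot processes beaconing to cloud services that attackers repurpose for C2.

Added example, not taken from Kaspersky's EastWind report or the original post.
Input: constructed, pipe-separated network-connection events in the shape a
Sysmon Event ID 3 or EDR export might give you:
    timestamp|host|process_image|dest_host|dest_port
Logic: a connection to a cloud-service domain is expected from browsers, sync
clients and developer tooling; the same domain reached from a DLL host such as
rundll32.exe or an Office process is worth a look, and a steady cadence of such
connections from one process looks like a beacon.
"""
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Services the post says EastWind abused, plus the API hosts they use in
# practice. Assumption: extend this for your own environment.
CLOUD_C2_DOMAINS = {
    "api.dropboxapi.com", "content.dropboxapi.com", "www.dropbox.com",
    "api.github.com", "github.com", "raw.githubusercontent.com",
}

# Processes that legitimately talk to these services. Assumption: tune per fleet.
EXPECTED_IMAGES = {
    "chrome.exe", "msedge.exe", "firefox.exe",
    "dropbox.exe", "git.exe", "code.exe",
}


def parse_event(line):
    """Parse one constructed log line into a dict; image is reduced to its basename."""
    ts, host, image, dest, port = line.strip().split("|")
    return {
        "ts": datetime.fromisoformat(ts),
        "host": host,
        "image": image.lower().rsplit("\\", 1)[-1],
        "dest": dest.lower(),
        "port": int(port),
    }


def suspicious_events(lines):
    """Return events where an unexpected process reached a cloud-service host."""
    out = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["dest"] in CLOUD_C2_DOMAINS and ev["image"] not in EXPECTED_IMAGES:
            out.append(ev)
    return out


def beaconing(events, min_count=4, max_jitter_s=30.0):
    """Group flagged events per (host, image, dest) and report groups whose
    inter-connection interval is regular enough to look like a beacon."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["host"], ev["image"], ev["dest"])].append(ev["ts"])
    hits = {}
    for key, stamps in groups.items():
        stamps.sort()
        if len(stamps) < min_count:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter_s:
            hits[key] = {"count": len(stamps), "mean_gap_s": sum(gaps) / len(gaps)}
    return hits


# Constructed sample: a browser and git are normal; rundll32.exe polling the
# Dropbox API every five minutes and Word fetching from GitHub are not.
SAMPLE_LOG = """\
2024-08-01T09:00:00|WS-17|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|www.dropbox.com|443
2024-08-01T09:00:05|WS-17|C:\\Windows\\System32\\rundll32.exe|api.dropboxapi.com|443
2024-08-01T09:05:06|WS-17|C:\\Windows\\System32\\rundll32.exe|api.dropboxapi.com|443
2024-08-01T09:10:04|WS-17|C:\\Windows\\System32\\rundll32.exe|api.dropboxapi.com|443
2024-08-01T09:15:07|WS-17|C:\\Windows\\System32\\rundll32.exe|api.dropboxapi.com|443
2024-08-01T09:16:00|WS-22|C:\\Program Files\\Git\\bin\\git.exe|github.com|443
2024-08-01T09:17:00|WS-22|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|raw.githubusercontent.com|443
"""


def analyze(log_text=SAMPLE_LOG):
    """Run both checks over a log and return (flagged events, beacon groups)."""
    flagged = suspicious_events(log_text.splitlines())
    return flagged, beaconing(flagged)


if __name__ == "__main__":
    flagged, beacons = analyze()
    for ev in flagged:
        print(f"{ev['ts']} {ev['host']} {ev['image']} -> {ev['dest']}")
    for (host, image, dest), info in beacons.items():
        print(f"beacon? {host} {image} -> {dest}: {info['count']} hits, ~{info['mean_gap_s']:.0f}s apart")
```

On the constructed sample this flags the four rundll32.exe connections to the Dropbox API as a single regular beacon and the one-off Word connection to GitHub as a lone anomaly; the jitter threshold and minimum count are deliberately loose so that a slow, jittered beacon still surfaces for a human to triage.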

PlugY: The Swiss Army Knife of Malware

One of the nastier bits of code deployed by CloudSorcerer is an implant called PlugY. Think of PlugY as the Swiss Army knife of malware – it can manipulate files, run shell commands, log keystrokes, monitor screens, and even edit clipboard contents. It’s like the ultimate stalkerware for your computer. Kaspersky’s analysis suggests that PlugY has been developed using the code from the DRBControl backdoor, which has APT27’s fingerprints all over it. Essentially, it’s a remix of old malware hits, proving that hackers are just as into upcycling as hipsters in Brooklyn.

Frenemies in Cyberspace

While China and Russia might be holding hands and singing kumbaya on the political front, their digital relationship is more “It’s Complicated” than a Facebook status update. Despite backing each other up in international disputes (China supports Russia’s invasion of Ukraine, Russia parrots China’s “one China” policy), when it comes to cyber espionage, all bets are off. The EastWind campaign makes it clear that when it comes to information warfare, there are no permanent friends or enemies – just opportunities. It’s a dog-eat-dog world out there in the digital realm, and it looks like China and Russia are no exception to that rule.

Conclusion

In summary, China’s hacking groups APT27 and APT31 have been caught red-handed infiltrating Russian systems, proving that even supposed allies can’t resist the lure of a good hack. Through phishing emails and sophisticated malware like CloudSorcerer and PlugY, these groups have shown that their cyber warfare game is strong. And while China and Russia might be all buddy-buddy on the surface, it’s clear that in the world of cyberspace, it’s every nation for itself. So, the next time you get a phishing email, remember: it might just be part of a grand international espionage saga. Or, you know, someone trying to sell you fake Viagra.

The Nimble Nerd