From Espionage to Extortion: Emperor Dragonfly’s Ransomware Rampage

Emperor Dragonfly, a China-based threat actor, has swapped espionage for ransomware, demanding $2 million in a cyber attack. Symantec researchers suggest these state-backed hackers might be moonlighting for extra cash, proving that even cybercriminals need side hustles.

Hot Take:

When life hands you espionage tools, why not moonlight as a ransomware artist? Emperor Dragonfly, the cybercriminal equivalent of a double agent, is now strutting its stuff in the world of ransomware with the flair of a Bond villain. Who knew that cyber espionage tools could have a side hustle?

Key Points:

  • Emperor Dragonfly, a China-based threat actor, has been linked to both espionage and ransomware activities.
  • The group used a toolset traditionally associated with espionage in a $2 million ransomware attack.
  • Researchers observed an overlap between state-backed espionage groups and cybercrime operations.
  • The attack involved a variant of the PlugX backdoor and exploited known vulnerabilities in Palo Alto PAN-OS.
  • Symantec’s report provides indicators of compromise to help defenders detect and mitigate such attacks.

The Nimble Nerd