When Allies Attack: Chinese Hackers APT31 & APT27 Target Russian Systems in EastWind Cyber Offensive
Chinese hackers APT31 and APT27 are wreaking havoc on Russian systems in the latest cyberespionage campaign, EastWind. Using a revamped CloudSorcerer backdoor, the attack employs phishing emails and sneaky DLL side loading to drop malware like GrewApacha and PlugY. Kaspersky’s findings underscore the complex cyber relations between diplomatically aligned nations.
Hot Take:
So, it turns out that while Russia and China might be BFFs on the world stage, their hackers are frenemies in the digital underworld. Nothing says “I value our relationship” quite like a good old-fashioned cyberespionage campaign. Who needs soap operas when you’ve got international cyber drama?
Key Points:
- Chinese hacker groups APT31 and APT27 are behind the “EastWind” cyberattacks targeting Russian government and IT systems.
- The campaign uses an updated CloudSorcerer backdoor, also seen in attacks on U.S. entities.
- Phishing emails with RAR attachments are the main infection vector.
- Kaspersky identified multiple malware tools, including GrewApacha, CloudSorcerer, and the new PlugY backdoor.
- Detection is tricky due to varied backdoors and sophisticated evasion techniques.
Already a member? Log in here