Organizations in the critical infrastructure and government sectors worldwide have been subjected to ransomware attacks by cyberespionage threat operations believed to be associated with China and North Korea from 2021 to 2023, reports The Hacker News.
Attacks aimed at up to 30 organizations in Europe and the Americas, particularly in the U.S. manufacturing industry, abused the legitimate disk-encryption tools Jetico BestCrypt and Microsoft BitLocker to lock victims' files and have been tentatively linked to Chinese hacking group APT41 and North Korean state-backed advanced persistent threat operation Andariel based on overlaps with the DTrack backdoor and China Chopper web shell, a joint analysis from SentinelOne and Recorded Future revealed. A separate cluster of intrusions by China-linked threat operation ChamelGang, also known as CamoFei, involved BeaconLoader, Cobalt Strike, and CatB ransomware, as well as the MGDrive and DoorMe backdoors previously used by the Chinese hacking operations Storm Cloud and REF2924. "Threat actors in the cyberespionage ecosystem are engaging in an increasingly disturbing trend of using ransomware as a final stage in their operations for the purposes of financial gain, disruption, distraction, misattribution, or removal of evidence," said the researchers.