Posts

Showing posts from July, 2022

Russian Organizations in Chinese APT Crosshairs

Overview

SentinelLabs recently reported on a new cluster of activity targeting Russian organizations that they attributed with high confidence to a Chinese state-sponsored espionage group. This was corroborated by a recent Ukraine CERT advisory (June 22, 2022). The report highlights recent Chinese intelligence objectives regarding the observation of Russian organizations in the midst of the chaotic conflict in Ukraine. Scarab, Mustang Panda, and Space Pirates campaigns have all been observed and previously reported on, but the researchers at SentinelLabs believe their ongoing analysis points to a new, separate campaign being conducted by an unattributed Chinese APT.

Campaign Details

Back in June, CERT-UA asserted that the malicious RTF documents seen in phishing attempts against Russian organizations were "likely built in the Royal Road builder and dropped via the Bisonal backdoor". SentinelLabs researchers took the OSINT provided by nao_sec and Malwarebytes, regarding C2 ...