Russian Organizations Attacked by Chinese Hackers

"GrewApacha," a Trojan used since 2021 by the Chinese cyber-espionage group known as APT31 (Advanced Persistent Threat 31), is the backdoor malware being blamed for a cyberattack that has affected multiple government bodies and IT companies in Russia.

During these attacks, the Russian devices were infected through phishing emails whose attachments contained malicious shortcut files. The attackers then downloaded additional Trojans to the infected computers, notably tools used by the Chinese APT31 group, along with an updated version of the sophisticated CloudSorcerer toolset, to target Russian government entities.

APT31 is believed to have ties to China's civilian spy agency, the Ministry of State Security (MSS).
