In the midst of the military and digital war between Russia and Ukraine, a third malicious actor started a cyber espionage operation against a supposed ally. China reportedly took advantage of the tense moment in Europe to launch new phishing emails against research institutes and companies linked to the Russian government, with the aim of infiltrating internal networks to steal data and confidential information.
At least one Russian state-owned company, Rostec Corporation, in the radio electronics industry, was hit by the malicious campaign, dubbed Twisted Panda. Without naming names, Check Point’s research also mentions a second Russian organization and a third in allied Belarus, all with some kind of connection to their governments and a focus on research related to communications, civil aviation, medical equipment, or systems for the defense, energy, transport, and engineering sectors.
According to a report published by Check Point Research, a company specializing in security and threat intelligence, the campaign lasted at least 11 months, during which time it remained completely stealthy. In March, the mass mailing of malicious emails was noticed by experts; the bait for the malware installation was an alleged list of names and corporations that would be sanctioned by the US in response to the war.
In a second instance, the fear of chemical warfare in Belarus, with mentions of an alleged attack by the United States, is used as bait for the malware download. The documents, the researchers point out, were designed to resemble the official ones sent by the Russian government to these institutions. The same is true of the email addresses and sender signatures, with this social engineering technique leading to the deployment of malware called Spinner on the targets’ networks.
The malware is capable of installing further malicious payloads, as well as opening the door to remote code execution and file exfiltration. According to experts, the methods and tooling used make it possible to link this wave of attacks to two known threat groups from China: APT10, also known as Red Apollo, and Mustang Panda, which is also responsible for other attacks in various European countries.
“The timing of the attacks and the baits used are smart. From a technical standpoint, the quality of the tools is above average, even for persistent threat groups,” says Itay Cohen, Head of Research at Check Point Software. “Spying is a systematic, long-term effort in the service of China’s strategic goals to achieve technological superiority, even against what is considered a partner like Russia.”
Source: with Agencies