Thursday, April 28, 2022

A fake PDF allowed Chinese hackers to fool the Russians






A US cybersecurity firm has linked an attack on Russian officials to a group of Chinese hackers. These hackers have already been spotted several times over the past few months.


This is the third time in two months that security researchers have spotted a group of Chinese hackers. Experts from the American company Secureworks analyzed a phishing campaign targeting Russian officials. In a report published on April 27, they indicate that they have found evidence that the hackers are based in China. The hackers' servers have been used in previous attacks, attributed to the Mustang Panda group (also known as HoneyMyte and Bronze President).


The attackers use official documents published by the European Union as a decoy. The text in question contains details of the sanctions applied against Belarus. These files are sent in Windows executable (.exe) format, but masquerade as PDFs. They bear the name of a Russian town, Blagoveshchensk, near the border with China. Secureworks assumes that "the file name was chosen to target government officials or military personnel familiar with the area."
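A defender-side check for the masquerade described above, as an added example that is not from Secureworks or the original article: it classifies an attachment by its content rather than by its name. How the file claims to be a PDF (a `pdf` component somewhere in the file name) is an assumption, since the article does not say; the function names and sample bytes are constructed for illustration.

```python
import struct

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def is_pdf(data: bytes) -> bool:
    """True if the PDF header marker appears near the start of the file."""
    return b"%PDF-" in data[:1024]

def triage(name: str, data: bytes) -> str:
    """Classify an attachment by content, then compare with what its name claims."""
    exts = name.lower().split(".")[1:]      # every dot-separated suffix
    claims_pdf = "pdf" in exts              # assumption: the name hints at a PDF
    if is_pe(data):
        # Executable content is suspicious either way; a PDF hint makes it a disguise.
        return "pe-disguised" if claims_pdf else "pe"
    if is_pdf(data):
        return "pdf"
    return "mismatch" if claims_pdf else "other"

def sample_pe() -> bytes:
    """Constructed minimal header: just enough bytes to look like a PE file."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + bytes(20)

SAMPLE_PDF = b"%PDF-1.7\n%%EOF\n"           # constructed, not a complete PDF

if __name__ == "__main__":
    # Constructed attachment names and contents.
    for name, data in [
        ("decoy.pdf.exe", sample_pe()),
        ("decoy.exe", sample_pe()),
        ("decoy.pdf", SAMPLE_PDF),
        ("decoy.pdf", b"plain text"),
    ]:
        print(f"{name:15} -> {triage(name, data)}")
```

A result of `pe` still deserves review on a mail gateway, because an executable can look like a document through its icon alone while its name carries no `pdf` hint.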
