Cybersecurity experts at Sentinel Labs have found a “Chinese footprint” in attacks on Russian government systems, Kommersant reports, citing the American company’s report. The report concerns a whole series of attacks carried out in 2020. The attackers’ goals and objectives are not disclosed.
The analysts based their investigation on a report by the Rostelecom-Solar centre for countering cyber attacks. That report stated that an unknown professional cyber group had carried out a series of attacks on federal executive bodies using phishing, web application vulnerabilities, and the hacking of contractors’ infrastructure. Its authors pointed out that this was done by mercenaries “pursuing the interests of a foreign state.”
For the attacks, the attackers used malicious software called Mail-O. It used the cloud services of Yandex and Mail.ru Group to upload data, disguising its traffic as that of legitimate services.
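The defensive angle on this technique is that traffic to a legitimate cloud service is not blocked, so it has to be watched for who is uploading and how much. The following is an added example, not code from the article, from SentinelLabs or from Rostelecom-Solar: a small detector over proxy log lines that flags uploads to cloud-storage hosts from processes that are not expected to talk to them, and aggregates upload volume per source, host and process. The hostnames, process names, log format and log lines are constructed for the demonstration and are not indicators from the report.

```python
import re
from collections import defaultdict

# Constructed cloud-storage API hosts to watch (assumption: in practice this
# comes from the proxy's URL category or an internal allow-list).
CLOUD_STORAGE_HOSTS = {"cloud-api.example-disk.test", "upload.example-cloud.test"}
# Constructed list of processes that are expected to upload to those hosts.
APPROVED_UPLOADERS = {"chrome.exe", "firefox.exe", "disksync.exe"}
UPLOAD_METHODS = {"PUT", "POST"}

# Constructed proxy log format:
#   <timestamp> <src_ip> <host> <method> <bytes_out> "<user_agent>" <process>
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<host>\S+) (?P<method>[A-Z]+) '
    r'(?P<bytes_out>\d+) "(?P<ua>[^"]*)" (?P<proc>\S+)$'
)

# Constructed sample log: a browser upload, a non-browser process uploading in
# two chunks, a GET to the same host, an intranet upload, and a sync client.
SAMPLE_LOG = """\
2020-05-01T09:00:01 10.1.2.10 cloud-api.example-disk.test PUT 200000 "Mozilla/5.0 (Windows NT 10.0) Chrome/80" chrome.exe
2020-05-01T09:03:12 10.1.2.44 upload.example-cloud.test POST 900000 "Mozilla/4.0 (compatible; MSIE 7.0)" svchost.exe
2020-05-01T09:03:40 10.1.2.44 upload.example-cloud.test POST 800000 "Mozilla/4.0 (compatible; MSIE 7.0)" svchost.exe
2020-05-01T09:04:02 10.1.2.44 upload.example-cloud.test GET 512 "Mozilla/4.0 (compatible; MSIE 7.0)" svchost.exe
malformed entry that the parser must skip
2020-05-01T09:10:00 10.1.2.10 intranet.corp.test POST 5000000 "Mozilla/5.0 (Windows NT 10.0) Chrome/80" chrome.exe
2020-05-01T09:15:30 10.1.2.51 cloud-api.example-disk.test PUT 4000000 "DiskSync/1.0" disksync.exe
"""


def parse_log(text):
    """Parse log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["bytes_out"] = int(ev["bytes_out"])
        events.append(ev)
    return events


def find_cloud_exfil(events, volume_threshold=1_000_000):
    """Return findings for uploads to watched cloud hosts.

    Rule 1 (per event): an upload from a process that is not an approved uploader.
    Rule 2 (aggregate): total bytes uploaded per (src, host, process) at or above
    the threshold; severity is lower when the process is an approved uploader.
    """
    findings = []
    volume = defaultdict(int)
    for ev in events:
        if ev["host"] not in CLOUD_STORAGE_HOSTS or ev["method"] not in UPLOAD_METHODS:
            continue  # only uploads to watched hosts matter here
        proc = ev["proc"].lower()
        volume[(ev["src"], ev["host"], proc)] += ev["bytes_out"]
        if proc not in APPROVED_UPLOADERS:
            findings.append({
                "rule": "unexpected_uploader", "ts": ev["ts"], "src": ev["src"],
                "host": ev["host"], "proc": proc, "bytes_out": ev["bytes_out"],
                "severity": "high",
            })
    for (src, host, proc), total in volume.items():
        if total >= volume_threshold:
            findings.append({
                "rule": "upload_volume", "src": src, "host": host, "proc": proc,
                "bytes_out": total,
                "severity": "low" if proc in APPROVED_UPLOADERS else "high",
            })
    return findings


if __name__ == "__main__":
    for finding in find_cloud_exfil(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the constructed sample the detector raises two high-severity unexpected-uploader findings for the non-browser process, a high-severity volume finding once its two chunks exceed 1 MB combined, and a low-severity volume finding for the approved sync client, while the GET and the intranet upload are ignored. The process field does the real work: a user-agent string can be set to anything by the implant, so the uploading process identity from an endpoint agent or proxy authentication is the field worth correlating on.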
Experts from Sentinel Labs studied the Mail-O code and concluded that it was developed by Chinese hackers from the ThunderCats group (part of the larger TA428 group, which is associated with China). The detected software is presumed to be a variant of other programs, PhantomNet or SManager.
Representatives of Rostelecom-Solar declined to comment on Sentinel Labs’ findings. Denis Legezo, a cybersecurity expert at Kaspersky Lab, explained that the American researchers’ report is based on characteristic traits of the attackers’ code, among them the misspelled name of the exported function, Entery, and similar code at the Windows entry point. He noted that such indicators are easy to fake, but said he does not believe this is one of those cases.
Recall that in 2015 Russia and China signed an agreement on cooperation in the field of information security, which obliges the parties not to attack each other.