An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020.
The latest research, published by Singapore-headquartered company Group-IB, delves into a computer virus called “Webdav-O” that was detected in the intrusions. The cybersecurity firm observed similarities between the tool and a popular Trojan called “BlueTraveller,” which is known to be connected to a Chinese threat group called TaskMasters and has been deployed in malicious activities aimed at espionage and plundering confidential documents.
“Chinese APTs are one of the most numerous and aggressive hacker communities,” researchers Anastasia Tikhonova and Dmitry Kupin said. “Hackers mostly target state agencies, industrial facilities, military contractors, and research institutes. The main objective is espionage: attackers gain access to confidential data and attempt to hide their presence for as long as possible.”
The report builds on a number of public disclosures in May from Solar JSOC and SentinelOne, both of which disclosed malware called “Mail-O” that was also observed in attacks…