Submission: China Joins Russian Cyberattacks Against Europe (esecurityplanet.com)
storagedude writes: A SaaS security company says a spike in cyber attacks from Russia and China in recent weeks suggests the two countries may be coordinating their cyber efforts.
The effort may or may not be coordinated, but other threat analysts also note unusual Chinese cyber activity in Europe coinciding with Russia's unprovoked war against Ukraine.
Ben Read, Mandiant's Director of Intelligence Analysis, told eSecurity Planet "that we've seen similar activity to Google with China targeting Europe/Ukraine, but no indication it's coordinated with Russia."
The Google threat landscape update issued yesterday notes that Mustang Panda or Temp.Hex, a China-based threat actor, targeted European entities with lures related to the Ukrainian invasion, such as malicious attachments with file names like ‘Situation at the EU borders with Ukraine.zip’. Contained within the zip file is an executable of the same name that is a basic downloader that, when executed, downloads several additional files that load the final payload, Google said.
“Targeting of European organizations has represented a shift from Mustang Panda’s regularly observed Southeast Asian targets,” Google said.
SaaS Alerts, which helps managed service providers (MSPs) manage and protect customers' SaaS apps, mentioned the finding in conjunction with the release of its annual SaaS Application Security Insights (SASI) report.
"Over the last several weeks, SaaS Alerts has seen a sharp rise in activity from countries with consistently high levels of both attempted and successful attacks originating within their borders — Russia and China," the company said in a statement. "The vast volumes of data analyzed suggests these countries may even be coordinating attack efforts. Per analysis available from SaaS Alerts, attack trend lines that compare Russia and China show almost the exact same pattern."
The surge in cyber activity reported by SaaS Alerts and others coincides with the build-up to Russia's unprovoked attack against Ukraine, and yesterday Resecurity Inc. reported that hackers – some linked to Russian GRU military intelligence – breached computers at nearly two dozen U.S. liquified natural gas (LNG) companies and the FBI reported that Russia-connected Ragnar Locker ransomware had hit at least 52 critical infrastructure companies as of January.
U.S. security agencies have issued a number of alerts on critical security infrastructure protection in recent months, including a network security framework released just last week.