Dozens of systems used by government bodies and IT companies in Russia have reportedly become the targets of Chinese hackers.

Moscow-based cybersecurity provider Kaspersky Lab revealed that the backdoor malware used to gain access to the systems was "GrewApacha," a Trojan used since at least 2021 by the Chinese cyber-espionage group known as APT31 (Advanced Persistent Threat 31).

APT31 is believed to have ties to China's civilian spy agency, the Ministry of State Security (MSS). Earlier this year, the United States Justice Department indicted several Chinese nationals and one company for allegedly carrying out APT31 operations.

File photo of a person using a keyboard. Kaspersky has linked the recent spate of cyberattacks on Russian companies and IT firms to a Chinese hacking ring with links to China's civilian spy agency. Bas van Rijsbergen/Getty Images

"During these attacks, attackers infected devices using phishing emails with attachments containing malicious shortcut files," read an August 8 report by Kaspersky Lab-managed website SecureList. Kaspersky has dubbed the Russia-centered hacking campaign "EastWind."

Clicking on these files prompts the installation of the malware, which then receives its commands through the Dropbox cloud storage service.

"With the help of this software, the attackers downloaded additional Trojans to the infected computers, in particular, tools used by the APT31 cybergroup, as well as the updated CloudSorcerer backdoor," the report said.

A Trojan is a type of malware disguised as legitimate software to trick users into installing it. Once installed, Trojans can perform malicious actions on the infected system, such as spying on users, stealing data and providing cybercriminals with unauthorized access.

The SecureList report said the method observed in the recent cyberattacks was similar to the one previously used to target a U.S. organization.

A SecureList report released last month called the updated CloudSorcerer malware "a sophisticated toolset targeting Russian government entities."

Its "ability to dynamically adapt its behavior based on the process it is running in, coupled with its use of complex inter-process communication through Windows pipes, further highlights its sophistication."

The Russian and Chinese foreign ministries didn't immediately respond to a written request for comment.

Last year, the intelligence chiefs of the Five Eyes intelligence alliance—the U.S., the U.K., Canada, Australia and New Zealand—warned of the threat posed by China's use of cutting-edge technology to carry out hacking and intellectual property theft on a large scale.

An anonymous source earlier this year leaked evidence of a massive surveillance campaign by I-Soon, an MSS-affiliated Chinese contractor, whose targets ranged from foreign governments, politicians and think tanks to private Chinese citizens.

The Chinese foreign ministry responded to the leak by saying it "firmly opposes and cracks down on all forms of cyber attack in accordance with the law."
