Chinese Hacking Groups Are Targeting Russian IT Companies In Recent Cyberattacks

Since late July 2024, a series of precise cyberattacks has targeted numerous systems within Russian government agencies and IT firms. These attacks have been attributed to Chinese hackers associated with the APT31 and APT27 groups. Kaspersky, the cybersecurity firm that uncovered the operation, has named it "EastWind." According to their report, the campaign utilizes an updated version of the CloudSorcerer backdoor, previously identified in a similar cyber espionage effort against Russian governmental bodies in May 2024. It's important to note that CloudSorcerer's impact extends beyond Russia. Proofpoint documented an attack on a U.S.-based think tank in May 2024 linked to the same malware. Read more...