APT31, aka Judgment Panda, Zirconium, RedBravo, is allegedly a Chinese government-backed threat group known for intellectual property theft and cyberespionage, particularly from competitive organizations.
Making the headlines
The French National Cybersecurity Agency (ANSSI) found that APT31 hackers are targeting a large number of French organizations.
- The threat actor allegedly hijacked numerous home routers in the ongoing attack campaign.
- Researchers have shared indicators of compromises to help organizations identify other possible compromises that may have begun this year.
This attack couldn’t be labeled as a cyberespionage operation since criminals targeted non-government entities. However, the group’s track record says otherwise.
A brief glance into APT31 activities
- This threat actor uses a variety of tools, including 9002 RAT, China Chopper, HiKit, PlugX, Gh0st RAT, Sakula RAT, and Trochilus RAT to perform cyberespionage attacks.
- Earlier this year, actors were found cloning a zero-day to steal sensitive data from the NSA’s Equation Group between 2015 and 2017.
- APT31 was involved in attacks against Norway’s centralized computer system in 2018, gaining administrative rights to the systems in state administration offices.
- The Finnish Parliament formally blamed APT31 for a cyberattack last year in which hackers accessed the accounts of the members.
- Google researchers confirmed that the Chinese group had targeted Joe Biden’s campaign staff, including the international affairs community.
Conclusion
The mayhem of Chinese hackers has spread quickly worldwide and APT31 is just another cog in the wheel. The U.S. federal agencies issued a joint advisory against Chinese threats comprising of more than 50 tactics, techniques, and procedures incorporated in their attacks against the U.S. and allied networks.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/980a_shutterstock_305120297.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/6ddc_shutterstock_1573817047.jpg)
