Ransomware leveraged to conceal cyberespionage efforts

Cyberespionage attacks by Chinese hacking operation Bronze Starlight have been disguised in the form of ransomware distribution through the use of the HUI Loader, which has also been leveraged by the China-linked Bronze Riverside threat group, ZDNet reports. Bronze Starlight has targeted a U.S. media outfit, Brazilian pharmaceutical firms, Japanese manufacturers, and an Indian organization's aerospace and defense division in attacks that involved the deployment of Cobalt Strike beacons prior to the distribution of the AtomSilo, LockFile, Night Sky, Pandora, and Rook ransomware strains, according to a report from SecureWorks' Counter Threat Unit. Researchers noted that the AtomSilo and LockFile ransomware strains had been developed first, while the rest were discovered to be based on the source code of Babuk ransomware. "Chinese government-sponsored groups using ransomware as a distraction would likely make the activity resemble financially motivated ransomware deployments. However, the combination of victimology and the overlap with infrastructure and tooling associated with government-sponsored threat group activity indicate that Bronze Starlight may deploy ransomware to hide its cyberespionage activity," said SecureWorks.