Chinese APTs Targeting Russian Organizations
Industry: N/A | Level: Tactical | Source: SentinelOne
Research from SentinelLabs and the Computer Emergency Response Team of Ukraine (CERT-UA) has identified Chinese espionage groups targeting Russian government organizations. The campaign distributes malicious documents through phishing emails to deploy a remote access trojan named Bisonal. The documents were created with Royal Road, a "malicious document builder", using lures tailored to Russian government interests and exploiting the Microsoft Equation Editor vulnerability CVE-2018-0798. With medium confidence, the activity is suspected to be associated with the Tonto Team APT group (also known as "CactusPete" and "Earth Akhlut"). However, the increased rate of targeting of Russian organizations could indicate the involvement of multiple Chinese threat actor groups. A statement on July 6th, 2022, from Nikolay Murashov, the deputy director of Russia's National Coordination Center for Computer Incidents, affirmed the increased rate of cyber attacks against the Russian government: "On average, a government agency in charge of detecting, thwarting and neutralizing cyberattacks has been registering more than 200 hacking attacks on a daily basis."
Anvilogic Use Cases:
- Malicious Document Execution
- Abuse EQNEDT32.EXE
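As an added illustration of the "Abuse EQNEDT32.EXE" use case (example code written for this page, not from SentinelOne or Anvilogic), a small Python checker run over constructed, Sysmon-style process-creation lines. The field names (ParentImage, Image) and the sample lines are assumptions for the example; the point it encodes is that Equation Editor is an OLE server launched through DCOM, so its parent is normally svchost.exe rather than the Office application, and a rule keyed only on an Office parent would miss it.

```python
import re

# Constructed, simplified Sysmon Event ID 1 (process create) lines; these are
# not logs from the SentinelLabs report. EQNEDT32.EXE is started via DCOM, so
# its parent is svchost.exe, not WINWORD.EXE.
SAMPLE_EVENTS = [
    "EventID=1 ParentImage=C:\\Windows\\System32\\svchost.exe Image=C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE",
    "EventID=1 ParentImage=C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE Image=C:\\Windows\\System32\\cmd.exe",
    "EventID=1 ParentImage=C:\\Windows\\explorer.exe Image=C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE",
    "EventID=1 ParentImage=C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE Image=C:\\Windows\\splwow64.exe",
]

EQNEDT = "eqnedt32.exe"


def parse_event(line):
    """Turn 'Key=value Key=value' into a dict; values may contain spaces."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s\w+=|$)", line))


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return a detection label for one event, or None if it is benign."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    if parent == EQNEDT:
        # Equation Editor has no legitimate reason to launch child processes.
        return "eqnedt32_spawned_child"
    if image == EQNEDT:
        # Microsoft removed EQNEDT32 in the January 2018 Office updates, so
        # any launch on a patched estate is worth triage.
        return "eqnedt32_started"
    return None


def detect(lines):
    hits = []
    for line in lines:
        verdict = classify(parse_event(line))
        if verdict:
            hits.append((verdict, line))
    return hits
```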