
Ex-Chinese State Hackers ‘Turning To Ransomware’

Hackers who previously carried out attacks on behalf of the Chinese Government may now be behind a number of recent incidents involving ransomware, according to security researchers.

Four IT security firms have investigated about half a dozen ransomware incidents in the past three months in which the advanced techniques and attack tools used bore a close similarity to those previously employed by a group called Codoso, thought to have been working on behalf of the Chinese state, according to Reuters.

Advanced techniques

Dell SecureWorks cited three cases in the past three months in which attackers targeted companies using advanced penetration techniques involving known vulnerabilities in application servers, and then went on to install ransomware on large numbers of company computers, according to the report.

In one attack more than 100 systems were compromised, while an IT firm reportedly saw 30 percent of its computers affected. A transportation company was also affected, the report said.

Attack Research, G-C Partners and InGuardians said they had investigated three similar cases during the same period. The companies suspect Codoso in about half a dozen recent incidents affecting US companies, none of which have previously been made public, Reuters said.

The companies said the intrusion techniques, methods of navigating companies’ internal networks and the penetration software used were all similar to those used previously by Codoso.

Unemployed hackers

The security firms noted that China agreed with the US late last year to reduce its support for economic espionage, and speculated that hackers once employed by the state are turning to ransomware attacks as a new source of funds.

Codoso has previously been linked to espionage attacks on Apple’s iCloud and attacks on US military and financial services. The group is thought to have been in existence since at least 2010.

The IT security companies said they couldn’t be sure of the link and had no proof. China’s foreign ministry on Tuesday called the allegations “rumours and speculation”.

Researchers at security firm Trend Micro said last week that more ransomware-related infections were found in February of this year than in the first six months of 2015 in total. The figures also showed that there were more than twice as many infections last month as in the entire first three months of 2015, and that the combined tally for January and February 2016 is already more than triple the infection count for the first three months of last year.

Security firms have said that payoffs from ransomware attacks are increasing, which may be luring criminals into the area from other types of financial fraud such as credit card theft.

The attacks involve infecting a system with code that encrypts the user’s files and demanding payment in order to restore the files.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
