Chinese Cyber Espionage Groups Increasingly Targeting Russia

Chinese APT groups are increasingly targeting Russian organizations following the war in Ukraine, according to research by SentinelLabs.
The latest investigation indicated that a Chinese state-sponsored cyber espionage group launched a “cluster” of phishing emails to deliver remote access Trojan (RAT) malware, most commonly Bisonal, against Russian targets in recent weeks. SentinelLabs researchers attributed this threat activity “with high confidence” to a Chinese state-backed group, although “specific actor attribution is unclear at this time.”
The new analysis follows other campaigns by Chinese APT groups targeting Russia in recent months. These include Scarab, Mustang Panda and Space Pirates, which were also identified by SentinelLabs. Additionally, in May, Google’s Threat Analysis Group (TAG) highlighted the growing targeting of Russia by Chinese threat groups.
The latest campaign has also been noted by CERT-UA, Ukraine’s National Computer Emergency Response Team. On June 22, the organization reported several RTF documents containing malicious code exploiting one or more vulnerabilities in MS Office. It believes that these documents were built with the Royal Road builder and dropped the Bisonal backdoor, both of which are strongly associated with Chinese APT groups: Royal Road is a malicious document builder used widely by such groups, while Bisonal is a backdoor RAT unique to Chinese threat actors.
SentinelLabs added that it had identified associated activity targeting telecommunication organizations in Pakistan, using similar attack techniques.
The cybersecurity firm noted that “it remains clear that the Chinese intelligence apparatus is targeting a wide range of Russian-linked organizations.”
It continued: “SentinelLabs assessed with high confidence that the Royal Road-built malicious documents, delivered malware, and associated infrastructure are attributed to Chinese threat actors. Based on SentinelLabs’ observations, there’s been a continued effort to target Russian organizations by this cluster through well-known attack methods – the use of malicious documents exploiting n-day vulnerabilities with lures specifically relevant to Russian organizations. Overall, the objectives of these attacks appear espionage-related, but the broader context remains unavailable from our standpoint of external visibility.”
Earlier this week, MI5 and FBI leaders warned business leaders and academics of the “massive” cyber-espionage threat from China.