Categories: Security

Ex-Chinese State Hackers ‘Turning To Ransomware’

Hackers who previously carried out attacks on behalf of the Chinese Government may now be behind a number of recent incidents involving ransomware, according to security researchers.

Four IT security firms have investigated about half a dozen ransomware incidents in the past three months in which the advanced techniques and attack tools used bore a close similarity to those previously employed by a group called Codoso, thought to have been working on behalf of the Chinese state, according to Reuters.

Advanced techniques

Dell SecureWorks cited three cases in the past three months in which companies were targeted using advanced penetration techniques involving known vulnerabilities in application servers and went on to install ransomware on large numbers of company computers, according to the report.

In one attack more than 100 systems were compromised, while an IT firm reportedly saw 30 percent of its computers affected. A transportation company was also affected, the report said.

Attack Research, G-C Partners and InGuardians said they had investigated three similar cases during the same period. The companies suspect Codoso in about half a dozen recent incidents affecting US companies, none of which have previously been made public, Reuters said.

The companies said the intrusion techniques, methods of navigating companies’ internal networks and the penetration software used were all similar to those used previously by Codoso.

Unemployed hackers

The security firms noted that China agreed with the US late last year to reduce its support for economic espionage, and speculated that hackers once employed by the state are turning to ransomware attacks as a new source of funds.

Codoso has previously been linked to espionage attacks on Apple’s iCloud and attacks on US military and financial services. The group is thought to have been in existence since at least 2010.

The IT security companies said they couldn’t be sure of the link and had no proof. China’s foreign ministry on Tuesday called the allegations “rumours and speculation”.

Researchers at security firm Trend Micro said last week that there were more ransomware-related infections found in February of this year as the first six months of 2015 in total. The figures also showed that there were more than twice as many infections last month than in the entire first three months of 2015, and that the combination of January and February 2016’s tally is already more than triple the infection count for the first three months of last year.

Security firms have said that payoffs from ransomware attacks are increasing, which may be luring criminals into the area from other types of financial fraud such as credit card theft.

The attacks involve infecting a system with code that encrypts the user’s files and demanding payment in order to restore the files.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

7 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago