Chinese espionage group APT27 moves into ransomware | SC Media

Researchers have discovered that the Chinese espionage group APT27 has moved into more financially motivated cybercrime, using ransomware to encrypt core servers at major gaming companies worldwide.


In a blog post released by Profero and Security Joes, researchers said the team first started following APT27 closely in early 2020 when they responded to the ransomware incident. During that investigation, they found malware identified by Trend Micro back in July 2019, which was linked to a campaign by APT27 and Winnti known as DRBControl. Both groups are linked to China.


The Profero/Security Joes report on the ransomware incidents found extremely strong links to APT27 in terms of code similarities and tactics, techniques and procedures. They said what stood out in this incident was the encryption of core servers using BitLocker, a drive encryption tool built into Windows. The approach was unusual, given threat actors typically drop the ransomware to the machines as opposed to ..