WithSecure™ report documenting the movement of SILKLOADER from China to Russia highlights implications of cooperation among threat actors.



The cyber crime industry allows threat actors to share tradecraft with one another, driving growth in the number and capabilities of threats. A new report from WithSecure™ (formerly known as F-Secure business) illustrates this dynamic by documenting the migration of the “SILKLOADER” cyber attack tool from Chinese cyber criminals to Russian ransomware gangs.



WithSecure™ researchers first discovered SILKLOADER when it was used in an attack against a social welfare organization in France. According to the report, it has been used in attacks since at least early 2022.


Before summer 2022, it was used exclusively by Chinese cyber criminals against targets in East Asia, predominantly Hong Kong and China. However, SILKLOADER activity ceased in July.


SILKLOADER was not seen again until September, when it reappeared in a different set of attacks against different targets in different countries, including Taiwan, Brazil, and France.


WithSecure™ researchers concluded that SILKLOADER had moved to the Russian cyber crime ecosystem. The most likely explanation is that Chinese cyber criminals sold it to Russian counterparts.


“We believe SILKLOADER is currently distributed within the Russian cyber crime ecosystem as an off-the-shelf loader through a Packer-as-a-Service program to ransomware groups, or possibly via groups offering Cobalt Strike/Infrastructure-as-a-Service to trusted affiliates. We have usually seen it during hands-on intrusions in the early stages of what look like ransomware attacks,” said WithSecure™ Intelligence Researcher Mohammad Kazem Hassan Nejad. “Most of the affiliates appear to have been part of or have had close working relationships with the CONTI group, its members, and offspring after its alleged shutdown.”


SILKLOADER, a type of malware called a loader, abuses a technique known as DLL sideloading usin ..
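DLL sideloading works because a Windows executable that imports a DLL by name will, by default, resolve that name from its own directory before the system directory, so a rogue DLL placed next to a legitimate program gets loaded in its place. The script below is an added example, not code from WithSecure or from the report, showing one defensive heuristic a detection engineer might run over image-load telemetry (the field layout mimics Sysmon Event ID 7 but the log lines, the file paths and the small list of system DLL names are constructed for illustration): flag a module whose file name matches a well-known system DLL but whose path is outside the Windows system directories and sits beside the executable that loaded it.

```python
"""Heuristic detection of DLL sideloading from image-load telemetry (added example)."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Directories from which system DLLs are expected to be loaded.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# Constructed, deliberately small set of DLL names that normally resolve to the
# system directory. A real deployment would build this from an inventory of
# %SystemRoot%\System32 on a known-good host.
SYSTEM_DLL_NAMES = {"version.dll", "dwmapi.dll", "cryptbase.dll", "wininet.dll", "kernel32.dll"}


@dataclass
class ImageLoad:
    image: str          # executable that performed the load
    image_loaded: str   # module that was mapped into the process
    signed: bool        # whether the mapped module carried a valid signature


# Constructed log format loosely modelled on Sysmon Event ID 7 fields.
LINE_RE = re.compile(
    r'Image="(?P<image>[^"]*)"\s+ImageLoaded="(?P<loaded>[^"]*)"\s+Signed=(?P<signed>true|false)',
    re.IGNORECASE,
)


def parse_line(line: str) -> Optional[ImageLoad]:
    """Parse one log line into an ImageLoad, or None if it is not an image-load event."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return ImageLoad(m["image"], m["loaded"], m["signed"].lower() == "true")


def in_system_dir(path: str) -> bool:
    """True if the file's parent directory is one of the Windows system directories."""
    parent = str(PureWindowsPath(path).parent).lower()
    return any(parent == d or parent.startswith(d + "\\") for d in SYSTEM_DIRS)


def is_sideload_candidate(ev: ImageLoad) -> bool:
    """Apply the sideloading heuristic to a single image-load event."""
    loaded = PureWindowsPath(ev.image_loaded)
    if loaded.name.lower() not in SYSTEM_DLL_NAMES:
        return False            # not a name that should resolve to the system directory
    if in_system_dir(ev.image_loaded):
        return False            # loaded from where it belongs
    # Hallmark of sideloading: the look-alike DLL lives in the loading executable's
    # own directory, so the default search order picks it up first. PureWindowsPath
    # compares case-insensitively, matching Windows semantics.
    return loaded.parent == PureWindowsPath(ev.image).parent


def detect(log_text: str) -> List[ImageLoad]:
    """Return every event in the log that matches the sideloading heuristic."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None and is_sideload_candidate(ev):
            hits.append(ev)
    return hits


# Constructed sample telemetry: one benign system load, one look-alike DLL beside
# the executable that loaded it, and one ordinary third-party plugin.
SAMPLE_LOG = r"""
EventID=7 Image="C:\Program Files\Vendor\app.exe" ImageLoaded="C:\Windows\System32\version.dll" Signed=true
EventID=7 Image="C:\Users\Public\Updater\updater.exe" ImageLoaded="C:\Users\Public\Updater\version.dll" Signed=false
EventID=7 Image="C:\Users\Public\Updater\updater.exe" ImageLoaded="C:\Users\Public\Updater\plugin.dll" Signed=false
"""

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        signed = "signed" if hit.signed else "unsigned"
        print(f"possible DLL sideloading: {hit.image} loaded {hit.image_loaded} ({signed})")
```

The heuristic is intentionally conservative: it only fires on system-DLL names loaded from the loading program's own directory, which keeps the false-positive rate low in environments where applications legitimately ship their own DLLs. In practice it would be paired with the signature status of both the executable and the loaded module (a signed, well-known host binary loading an unsigned look-alike is the strongest signal) and with a baseline of which programs are expected to run from user-writable paths.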
