A Chinese-backed group of attackers has used ransomware as a distraction from its espionage, according to security firm Secureworks.
Secureworks highlights the work of the group, which the company calls Bronze Starlight, in a new report. The group has been in existence since mid-2021 and is said to work for the Chinese government. Bronze Starlight uses the HUI Loader to install various forms of ransomware, including Pandora, LockFile and more. According to the security firm, however, extorting money is not the group's main goal; cyber espionage is.
“The ransomware can distract employees who have to respond to the incident from the actual target of the attackers,” the company writes, “and reduces the chance that the activities will be assigned to government agents from China.”
Secureworks bases the theory on its research into the group. Bronze Starlight deploys different ransomware variants for short periods and sometimes changes its model (from a more traditional extortion model to one where it threatens to release stolen information, for example). That would be unusual for more traditional cyber-gangs, who just keep following the same tactics until they run out of money.
“It is possible that those changes provided better options for stealing data. The attackers may also have decided that a more public profile is more effective as a distraction from their actual objectives,” Secureworks said.
According to the report, the group has claimed 21 victims, three-quarters of which could be interesting targets for Beijing. These include, for example, pharmaceutical companies, suppliers of military services and designers of electronic components.