Chinese state-sponsored hackers are targeting military and aerospace interests in Russia and Belarus.
Since the summer of 2016 the group has been using a new downloader, known as ZeroT and delivered via spear-phishing emails, to install the PlugX remote access Trojan (RAT), according to security researchers at Proofpoint.
In previous campaigns the group used spear-phishing emails carrying Microsoft Word document attachments that exploited CVE-2012-0158, or URLs linking to .rar-compressed executable nasties. Those attacks have continued alongside the deployment of ZeroT, a previously unknown malware strain, from June 2016 onwards.
China's People's Liberation Army (PLA) units are notorious for running campaigns aimed at stealing intellectual property as well as intelligence from western governments, NGOs and Chinese dissident groups. Aerospace firms in the US and Europe have long been high up on this extensive target list. An alleged Chinese knock-off of the Lockheed Martin F-35 Joint Strike Fighter is the most frequently cited example, not least because a Chinese national was convicted and jailed for stealing its blueprints, but this is just one instance of what military analysts allege is widespread theft and copying by Beijing.
Proofpoint's research shows that Russian firms, a previously under-publicised target (at least in the tech and business press), are also on the hit list. Chinese jets that look uncannily similar to their Russian or US counterparts are documented in a story by US Naval Institute News. ®