atomsilo - X-Industry - Red Sky Alliance

China-linked Threat Actors Active Again

Broadcom researchers recently reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups. “Tools that are usually associated with China-based espionage actors were recently deployed in an attack involving the RA World ransomware against an Asian software and services company,” reads the report published by Broadcom.

During the late 2024 attack, the attacker d

Ransomware in Use to Disguise Cyberespionage

A China-linked state-sponsored hacking group named Bronze Starlight was observed deploying various ransomware families to hide the true intent of its attacks. In attacks observed as early as mid-2021, the threat group started using the HUI Loader to drop ransomware such as AtomSilo, LockFile, Night Sky, Pandora, and Rook.

See: https://redskyalliance.org/xindustry/what-keeps-a-cfo-awake-at-night

The short lifespan of each ransomware family, victimology, and the access to tools employed by Chine

INTELLIGENCE REPORT: CYBER THREATS – ALL SECTOR

Activity Summary - Week Ending 15 October 2021:

Red Sky Alliance identified 37, 307 connections from new IP’s checking in with our Sinkholes
Analysts identified 1,873 new IP addresses participating in various botnets
Sality remains the top Malware Variant at 33,705 times seen
AtomSilo targeting Confluence
FamousSparrow and Hotels
BloodyStealer
Another .edu Hit in the UK
Pointing a Finger at China
Spanish Melia Hotels hacked
Afghan Telcom Roshan

Link to full report: IR-21-288-001_weekly_288.pdf

atomsilo (3)

China-linked Threat Actors Active Again

Ransomware in Use to Disguise Cyberespionage

INTELLIGENCE REPORT: CYBER THREATS – ALL SECTOR

Activity Summary - Week Ending 15 October 2021:

Note: this page contains paid content.