It Looks Like Chinese Cybercriminal Group APT27 May Be Shifting to Ransomware Attacks



The perceived change in cyberattack tactics for this well-known group of hackers may mean more trouble as APT27’s talents, usually reserved for espionage, are focused on ransomware.

APT27 is a China-based hacking group that has historically been known for engaging in cyberattacks with the goal of stealing intellectual property, targeting business services, high tech, government, and energy sectors. They’ve traditionally used spear phishing as their initial attack vector, using exploits that have been made public.

The shift to focusing on ransomware makes sense from an execution standpoint: they already know phishing, and they already know how to take advantage of other people’s code. So, why not skip the long, drawn-out process of navigating a victim network, finding valuable data, exfiltrating it, and then (presumably) selling it? Instead, focus on the initial attack and let ransomware be the money-making method.

And that’s exactly what it appears APT27 has done. According to analysis of the attacks by cybersecurity firms Profero and Security Joes, malware samples from attacks throughout 2020 tie the attacks on multiple organizations back to APT27.

APT27’s shift to using ransomware may indicate they are simply taking the easiest route to making money. And given they’ve already proven to be extremely talented at gaining entry into victims’ networks, this doesn’t bode well for organizations already concerned about ransomware in general.

Since APT27 is known for using spear phishing tactics, it’s imperative that organizations heighten their employees’ sense of cyber vigilance with Security Awareness Training. Without proper training, it’s far more likely potential victims will fall prey to attacks by groups like APT27.


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the installer and run it
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator
