The perceived change in cyberattack tactics for this well-known group of hackers may mean more trouble as APT27’s talents usually reserved for espionage are focused on ransomware.
APT27 is a China-based hacking group that has historically been known for cyberattacks aimed at stealing intellectual property, targeting the business services, high tech, government, and energy sectors. They have traditionally used spear phishing as their initial attack vector, leveraging exploits that have already been made public.
The shift to focusing on ransomware makes sense from an execution standpoint: they already know phishing, and they already know how to take advantage of other people's code. So, why not skip the long, drawn-out process of navigating a victim network, finding valuable data, exfiltrating it, and then (presumably) selling it? Instead, focus on the intrusion and let ransomware be the money-making method!
And that's exactly what APT27 appears to have done. According to analysis of the attacks by cybersecurity firms Profero and Security Joes, malware samples from attacks throughout 2020 tie the attacks on multiple organizations back to APT27.
APT27's shift to using ransomware may indicate they are simply taking the easiest route to making money. And given they've already proven to be extremely talented at gaining entry into victims' networks, this doesn't bode well for organizations already concerned about ransomware in general.
Since APT27 is known for using spear phishing tactics, it's imperative that organizations heighten their employees' sense of cyber vigilance with Security Awareness Training. Without proper training, it's far more likely potential victims will fall prey to attacks by groups like APT27.