Chinese espionage tools deployed in RA World ransomware attack


A China-based threat actor, Emperor Dragonfly, used espionage tools in an RA World ransomware attack on an Asian software company, demanding a $2 million ransom. Symantec researchers observed overlaps between state-backed cyber espionage and financially motivated cybercrime, with attackers using the PlugX backdoor and NPS proxy. The attackers exploited a Palo Alto PAN-OS vulnerability (CVE-2024-0012), suggesting that Chinese state-backed hackers may also be engaging in ransomware attacks for personal profit.
