As of April 2022, Chinese state-backed cyber operators have been quietly and consistently targeting Russian military personnel with an advanced piece of malware called PlugX.
Researchers at the cybersecurity firm SecureWorks state that the activity follows the same pattern as earlier intrusions tracked under the code names Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG.
These researchers note that "the war in Ukraine has prompted many countries to deploy their cyber capabilities to gain insight about global events, political machinations, and motivations." The reality is that state-sponsored cyber campaigns serve their own country's interests and collect intelligence on friends and foes alike.
About PlugX Malware
In this campaign PlugX hides in plain sight: the dropper is an executable carrying a PDF icon, named "Blagoveshchensk - Blagoveshchensk Border Detachment.exe." Once the user opens it, it fetches the encrypted PlugX payload from a remote server and runs it.
PlugX acts as what is known as a Windows backdoor, allowing the attacker to execute commands on the device quietly and rapidly. Chinese cyber agencies have used this tactic for many years.
Blagoveshchensk is a Russian city on the Chinese border, home to the 56th Blagoveshchenskiy Red Banner Border Guard Detachment, a major Russian military unit. The choice of name suggests this malware was aimed specifically at high-ranking Russian military officials.
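The lure described above works because the file looks like a document while its contents are a Windows executable. The following added example (not from the original article or from SecureWorks) is a defender-side heuristic scan that compares a file's magic bytes with what its name presents; the document-title heuristic and the sample files are constructed assumptions for the demo, and the scan is a triage aid, not a verdict.

```python
"""Flag files whose content type (by magic bytes) disagrees with the
document-like identity their name presents, e.g. a PE binary named like
a PDF report. Heuristic triage only; review flagged files manually."""
import os
import re
import tempfile

DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}
EXEC_EXTS = {".exe", ".scr", ".com"}
MAGIC = {b"MZ": "pe", b"%PDF": "pdf"}  # first bytes -> content kind


def sniff(path):
    """Return the content kind implied by the file's leading bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for sig, kind in MAGIC.items():
        if head.startswith(sig):
            return kind
    return "unknown"


def classify(path):
    """Return a list of reasons the file looks like a document lure."""
    root, ext = os.path.splitext(os.path.basename(path).lower())
    kind = sniff(path)
    reasons = []
    if kind == "pe" and ext in DOC_EXTS:
        reasons.append("document extension but PE content")
    if kind == "pe" and ext in EXEC_EXTS:
        inner = os.path.splitext(root)[1]
        if inner in DOC_EXTS:
            reasons.append("double extension hides executable")
        # Assumed heuristic: programs rarely have multi-word, title-like
        # names; with extensions hidden, such a name reads as a document.
        elif re.search(r"\s", root) and len(root) >= 12:
            reasons.append("document-style title on an executable")
    return reasons


def scan_dir(directory):
    """Map basename -> reasons for every flagged file under directory."""
    flagged = {}
    for dirpath, _, names in os.walk(directory):
        for name in names:
            reasons = classify(os.path.join(dirpath, name))
            if reasons:
                flagged[name] = reasons
    return flagged


def demo():
    """Build constructed sample files in a temp dir and scan them."""
    tmp = tempfile.mkdtemp()
    samples = {  # constructed contents, not real malware
        "Blagoveshchensk - Blagoveshchensk Border Detachment.exe": b"MZ\x90\x00",
        "report.pdf.exe": b"MZ\x90\x00",
        "orders.pdf": b"%PDF-1.7",
        "setup.exe": b"MZ\x90\x00",
    }
    for name, data in samples.items():
        with open(os.path.join(tmp, name), "wb") as fh:
            fh.write(data)
    return scan_dir(tmp)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {', '.join(reasons)}")
```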
These state-approved cyberattacks could indicate that, as the war in Ukraine continues to rage, the Chinese government is reacting to events and attempting to collect as much intelligence as possible. As events unfold, it'll be interesting to see how things change and whether peace is around the corner.
Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the tech world.