We are fundraising! Click the link to learn how you can be an investor into Atlas News!

Chinese Hackers Suspected in Attacks on Air-Gapped Systems in Eastern Europe

Chinese Hackers Suspected in Attacks on Air-Gapped Systems in Eastern Europe


The Hack:

Cybersecurity company Kaspersky has attributed a series of attacks against industrial organizations in Eastern Europe, aimed at stealing data from air-gapped systems, to a nation-state actor with links to China. The hacking crew responsible for the attacks, known as APT31 or Bronze Vinewood, has been using more than 15 distinct implants in their operations, categorized based on their functionalities.

One of the implant types discovered by Kaspersky is a sophisticated modular malware designed to profile removable drives and infect them with a worm for exfiltrating data from isolated or air-gapped networks of industrial organizations in Eastern Europe. Another implant type is meant for stealing data from local computers and sending it to Dropbox using next-stage implants.

How They Do It:

APT31 has been using various backdoors, including a malware family called FourteenHi and a first-stage backdoor named MeatBall, for remote access and initial data gathering. The group has also been observed using Yandex Cloud for command-and-control, similar to previous findings by Positive Technologies in 2022.

The threat actor’s tactics involve hiding payloads in encrypted form within separate binary data files and concealing malicious code in legitimate applications’ memory through DLL hijacking and memory injections, making it harder to detect and analyze their actions.
In addition to targeting Windows systems, APT31 has also been observed setting its sights on Linux systems, as indicated by attacks against South Korean companies using a backdoor called Rekoobe.

Kaspersky researchers highlight the sophistication of APT31’s tactics, particularly their deliberate efforts to obfuscate their actions during data exfiltration from air-gapped networks.

While abuse of cloud services is not new, APT31 continues to leverage this tactic, making detection and mitigation challenging, especially when organizations’ business processes depend on using such services.

What This Means for the Futuer:

The attacks show that APT31’s strategies are evolving, and their ability to target air-gapped systems and use encryption to evade detection underscores the need for enhanced cybersecurity measures to protect critical infrastructure and industrial organizations in the region.

Please note that the information in this news article is based on Kaspersky’s research and observations as of the mentioned date. Further developments may occur.


– Authored by contributor Anthony J. Daw

Joshua Paulo
Joshua Paulo
Joshua Paulo founded GoodHistory in 2018 on the premise that news and history blend to make well-informed politics. He has a degree in Criminal Justice, a background in public service, and is studying for a Masters degree in International Relations. With several years of experience in analysis and journalism, he now leads a team of professionals and is a proud contributor to several publications, all revolving around a common desire to bring unbiased news information to the people. Editor and writer for Atlas News.
- Sponsor -spot_img
- Sponsor -spot_img

Week's Top Stories

More In This Category

UN Security Council Authorizes Foreign Security Mission in Haiti

What You Need To Know: The United Nations Security Council...

U.S. Army Apache Helicopter Crash, Beverly WA

Update (2111 EST): No injuries reported among air crew...

At Least One Killed in Thailand Mall Shooting, 14-Year-Old Suspect in Custody

What to Know: Thai authorities have reported that at least...

Ukrainian Drone Downed Near Sochi International Airport, Russian Federation

At approximately 0130 EST, initial reports indicated that Russian...