"Five Ransomware Strains Have Been Linked to Bronze Starlight Activities"

In an effort to conceal their genuine espionage activities, a group of cyberattackers with probable state backing has adopted a new loader to distribute five different types of ransomware. Secureworks' cybersecurity researchers have released new research on HUI Loader, a malicious tool that criminals have been using since 2015. Loaders are small malicious packages designed to remain undetected on a compromised machine. While they frequently lack functionality as standalone malware, they perform one critical function: they load and execute additional malicious payloads. HUI Loader is a custom DLL loader that is launched by legitimate software programs which have been hijacked and are vulnerable to DLL search order hijacking. Once executed, the loader deploys and decrypts a file containing the main malware payload. HUI Loader has previously been used in campaigns by groups such as APT10/Bronze Riverside, which is linked to the Chinese Ministry of State Security (MSS), and Blue Termite. In those earlier campaigns, the groups used Remote Access Trojans (RATs) such as SodaMaster, PlugX, and QuasarRAT. The loader now appears to have been adapted to spread ransomware. This article continues to discuss recent findings regarding the use of ransomware to hide cyber espionage.
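The loader technique described above, a DLL placed where a legitimate executable will load it ahead of the genuine system copy, leaves a recognisable trace in image-load telemetry. The following detection heuristic is an added example written for this page; it is not Secureworks' code and is not taken from the reported research. It assumes Sysmon-style image-load records flattened into constructed `key=value` lines (the field names `Image`, `ImageLoaded` and `Signed` mirror Sysmon Event ID 7, simplified to a single boolean), and a small hypothetical allowlist of DLL names that normally live only under the Windows system directories.

```python
"""Heuristic detector for DLL search-order hijacking in image-load telemetry.

Two signals are checked per load event:
  1. a DLL whose name belongs to a system DLL was loaded from outside
     System32/SysWOW64 (the classic search-order hijack);
  2. an unsigned DLL was loaded from the executable's own directory and
     that directory is user-writable (where a dropped loader tends to sit).
"""
from dataclasses import dataclass
import ntpath

# Hypothetical allowlist: DLL names that a stock Windows install ships under
# System32. A real deployment would generate this list from a golden image.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "cryptsp.dll", "wininet.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Constructed sample records (not real telemetry): fields separated by " | ".
SAMPLE_LINES = [
    r"Image=C:\Windows\System32\notepad.exe | ImageLoaded=C:\Windows\System32\version.dll | Signed=true",
    r"Image=C:\Users\alice\AppData\Local\Temp\updater.exe | ImageLoaded=C:\Users\alice\AppData\Local\Temp\version.dll | Signed=false",
    r"Image=C:\ProgramData\Vendor\tool.exe | ImageLoaded=C:\ProgramData\Vendor\helper.dll | Signed=false",
    r"Image=C:\Program Files\Vendor\app.exe | ImageLoaded=C:\Program Files\Vendor\helper.dll | Signed=true",
]


@dataclass
class ImageLoad:
    image: str         # full path of the process executable
    image_loaded: str  # full path of the DLL that was mapped into it
    signed: bool       # simplified from Sysmon's Signed/SignatureStatus fields


@dataclass
class Finding:
    reason: str
    event: ImageLoad


def parse_line(line: str) -> ImageLoad:
    """Parse one constructed 'key=value | key=value' record into an ImageLoad."""
    fields = {}
    for part in line.split(" | "):
        key, value = part.split("=", 1)
        fields[key.strip()] = value.strip()
    return ImageLoad(
        image=fields["Image"],
        image_loaded=fields["ImageLoaded"],
        signed=fields["Signed"].lower() == "true",
    )


def parse_lines(lines):
    return [parse_line(line) for line in lines]


def _under(path: str, prefixes) -> bool:
    return path.lower().startswith(prefixes)


def analyse(event: ImageLoad):
    """Return a Finding if the load event matches either hijack signal, else None."""
    dll = event.image_loaded.lower()
    dll_name = ntpath.basename(dll)
    exe_dir = ntpath.dirname(event.image.lower())
    side_by_side = ntpath.dirname(dll) == exe_dir

    # Signal 1: a system DLL name resolved somewhere other than the system directory.
    if dll_name in SYSTEM_DLL_NAMES and not _under(dll, SYSTEM_DIRS):
        return Finding("system DLL name loaded from outside the system directory", event)

    # Signal 2: unsigned DLL sitting beside the executable in a user-writable location.
    if side_by_side and not event.signed and _under(dll, USER_WRITABLE_PREFIXES):
        return Finding("unsigned DLL loaded from the executable's own user-writable directory", event)

    return None


def scan(events):
    """Run analyse() over every event and keep only the hits."""
    return [finding for finding in map(analyse, events) if finding is not None]


if __name__ == "__main__":
    for finding in scan(parse_lines(SAMPLE_LINES)):
        print(f"{finding.reason}: {finding.event.image} -> {finding.event.image_loaded}")
```

The first signal alone is enough to catch the case the article describes, a DLL with a trusted name sitting next to the hijacked program; the second catches loaders that use an arbitrary name. Both rules are deliberately narrow, so in practice they are tuned against an inventory of known-good side-by-side DLLs before being promoted to an alert.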

ZDNet reports "Five Ransomware Strains Have Been Linked to Bronze Starlight Activities"
