"China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe"

A nation-state actor with ties to China is believed to have been behind a series of attacks last year against industrial organizations in Eastern Europe, carried out in an attempt to steal data from air-gapped systems. Researchers attributed the attacks with medium to high confidence to a hacking group called APT31, also known as Bronze Vinewood, Judgement Panda, and Violet Typhoon (formerly Zirconium), based on similarities in the observed techniques. The attacks involved over 15 different implants and their variants, classified into three broad categories based on their ability to establish persistent remote access, collect sensitive information, and send the collected data to actor-controlled infrastructure. According to researchers, one of the implant types appeared to be sophisticated modular malware designed to profile removable drives and infect them with a worm to exfiltrate data from air-gapped industrial networks in Eastern Europe. This article continues to discuss APT31 attacks targeting industrial organizations in Eastern Europe to siphon data stored on air-gapped systems.

THN reports "China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe"

Submitted by Anonymous on