
    From Mike Powell@1:2320/105 to All on Sun Oct 19 09:15:12 2025
    Russian tech firm attacked by Chinese state hackers in allied attack

    Date:
    Fri, 17 Oct 2025 17:43:00 +0000

    Description:
    The Chinese were apparently spying on Russians for almost half a year.

    FULL STORY

    Chinese hackers were recently seen targeting Russians, which raised eyebrows among the western cybersecurity community who perceive the two countries as allies in cyberspace and beyond.

    Earlier this week, security outfit Symantec published a new report in which
    it detailed the work of Jewelbug, a Chinese state-sponsored threat actor
    that's been highly active in recent months. In the report, Symantec said
    Jewelbug was seen going after targets in South America, South Asia, Taiwan
    and, most notably, Russia.

    In early 2025, Jewelbug managed to sneak into the network of a Russian IT service provider, and remain there for no less than five months. During that time, they accessed code repositories and software build systems that they could leverage to run supply chain attacks against the IT service provider's customers.

    7zup.exe and Yandex

    The compromise was spotted when researchers found a file named 7zup.exe on
    the IT provider's system. This is a renamed copy of a legitimate Microsoft binary called CDB (Microsoft Console Debugger).

    This tool can be used to run shellcode, bypass application whitelisting,
    launch executables, run DLLs, and terminate security solutions, Symantec
    added.

    Use of a renamed version of cdb.exe is a hallmark of Jewelbug activity, the report reads. Microsoft recommends that CDB should be blocked from running by default and whitelisted for specific users only when it's explicitly needed.

    With the help of CDB, Jewelbug managed to dump credentials, establish persistence, and elevate privileges via scheduled tasks. They tried to cover their tracks by clearing Windows Event Logs, and used Yandex Cloud to exfiltrate data. Yandex is a Russian cloud service provider, which was probably chosen since it's commonly used in the country and doesn't usually
    raise any red flags.
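    The two defensive points in the paragraphs above (a legitimate Microsoft debugger running under a different file name, and Windows Event Logs being cleared) can both be checked from process-creation and audit telemetry. The script below is an added example written for this post, not code from Symantec or from the article; the event records are constructed for illustration, with field names modelled on Sysmon Event ID 1 (process creation) and Security Event ID 1102 (audit log cleared), and the allow-list of users permitted to run CDB is an assumed policy, not one the report describes.

```python
"""Flag a renamed Microsoft debugger binary and Event Log clearing.

Detection idea: the PE header's OriginalFileName survives a rename on disk,
so a process whose OriginalFileName is cdb.exe but whose image path ends in
something else (7zup.exe in the article) is a renamed debugger. A second
check applies Microsoft's "block by default, allow for named users" advice.
Sample events are constructed for this example and are not real telemetry.
"""
import ntpath  # Windows path handling regardless of the host OS

# Legitimate Microsoft binaries that intruders rename; matched on the PE
# OriginalFileName, lower-cased. Extend as policy requires.
WATCHED_ORIGINAL_NAMES = frozenset({"cdb.exe"})

# Assumed policy: only these accounts are allowed to run the debugger at all.
ALLOWED_DEBUGGER_USERS = frozenset({"CORP\\alice"})

# Constructed sample telemetry (Sysmon EID 1 style process-creation records
# plus one Security EID 1102 record). Hosts, users and paths are made up.
SAMPLE_EVENTS = [
    {"event_id": 1, "host": "build-srv-01", "user": "CORP\\svc_build",
     "image": r"C:\Users\Public\7zup.exe", "original_file_name": "CDB.Exe"},
    {"event_id": 1, "host": "dev-ws-07", "user": "CORP\\alice",
     "image": r"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe",
     "original_file_name": "CDB.Exe"},
    {"event_id": 1, "host": "build-srv-01", "user": "CORP\\svc_build",
     "image": r"C:\Program Files\7-Zip\7z.exe", "original_file_name": "7z.exe"},
    {"event_id": 1102, "host": "build-srv-01", "user": "CORP\\svc_build",
     "channel": "Security"},
]


def classify(event, allowed_users=frozenset()):
    """Return the list of finding labels for one event (empty if benign)."""
    findings = []
    if event.get("event_id") == 1102:
        # Security log cleared: always worth a look, whoever did it.
        findings.append("eventlog_cleared")
        return findings
    if event.get("event_id") != 1:
        return findings
    original = event.get("original_file_name", "").lower()
    if original not in WATCHED_ORIGINAL_NAMES:
        return findings
    on_disk = ntpath.basename(event["image"]).lower()
    if on_disk != original:
        # Image name does not match the compiled-in name: renamed binary.
        findings.append("renamed_debugger")
    if event.get("user") not in allowed_users:
        # Debugger ran for an account outside the allow-list.
        findings.append("debugger_outside_allowlist")
    return findings


def triage(events, allowed_users=frozenset()):
    """Group findings per host; a host showing both a renamed debugger and a
    log clear is a stronger signal than either alone."""
    per_host = {}
    for event in events:
        for label in classify(event, allowed_users):
            per_host.setdefault(event["host"], set()).add(label)
    return per_host


if __name__ == "__main__":
    for host, labels in sorted(triage(SAMPLE_EVENTS, ALLOWED_DEBUGGER_USERS).items()):
        print(f"{host}: {', '.join(sorted(labels))}")
```

Run as-is, the script reports only build-srv-01, with all three labels, while the allow-listed user's genuine cdb.exe on dev-ws-07 is silent. In production the events would come from a SIEM export rather than the inline list, and the OriginalFileName field is what makes the rename check work, so it must be collected by the endpoint agent.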

    The targeting of a Russian organization by a Chinese APT group shows,
    however, that Russia is not out-of-bounds when it comes to operations by China-based actors, Symantec concluded.

    Via The Register

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russian-tech-firm-attacked-by-chinese-state-hackers-in-allied-attack

    $$
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)