1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Russian tech firm attacked by Chinese state hackers in allied att

    From TechnologyDaily@1337:1/100 to All on Friday, October 17, 2025 18:45:08
    Russian tech firm attacked by Chinese state hackers in allied attack

    Date:
    Fri, 17 Oct 2025 17:43:00 +0000

    Description:
    The Chinese were apparently spying on Russians for almost half a year.

    FULL STORY ======================================================================Chinese APT Jewelbug infiltrated a Russian IT provider, dwelling undetected for five months Attackers used renamed Microsoft debugger to bypass defenses and exfiltrate data via Yandex Cloud Symantec says China-based actors now target Russia despite perceived geopolitical alignment

    Chinese hackers were recently seen targeting Russians, which raised eyebrows among the western cybersecurity community who perceive the two countries as allies in cyberspace and beyond.

    Earlier this week, security outfit Symantec published a new report in which
    it detailed the work of Jewelbug, a Chinese state-sponsored threat actor
    thats been highly active in recent months. In the report, Symantec said Jewelbug was seen going after targets in South America, South Asia, Taiwan and, most notably, Russia.

    In early 2025, Jewelbug managed to sneak into the network of a Russian IT service provider, and remain there for no less than five months. During that time, they accessed code repositories and software build systems that they could leverage to run supply chain attacks against the IT service providers customers. 7zup.exe and Yandex

    The compromise was spotted when researchers found a file named 7zup.exe on
    the IT providers system. This is a renamed copy of a legitimate, Microsoft binary, called CDB (Microsoft Console Debugger).

    This tool can be used to run shellcode, bypass application whitelisting, launch executables, run DLLs, and terminate security solutions, Symantec added.

    Use of a renamed version of cbd.exe is a hallmark of Jewelbug activity, the report reads. Microsoft recommends that CDB should be blocked from running by default and whitelisted for specific users only when its explicitly needed.

    With the help of CBD, Jewelbug managed to dump credentials, establish persistence, and elevate privileges via scheduled tasks. They tried to cover their tracks by clearing Windows Event Logs, and used Yandex Cloud to exfiltrate data. Yandex is a Russian cloud service provider , which was probably chosen since its commonly used in the country and doesnt usually raise any red flags.

    The targeting of a Russian organization by a Chinese APT group shows,
    however, that Russia is not out-of-bounds when it comes to operations by China-based actors, Symantec concluded.

    Via The Register

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. You might also like Devious new ClickFix malware variant targets macOS, Android, and iOS using browser-based redirections Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russian-tech-firm-attacked-by-chinese-s tate-hackers-in-allied-attack


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)