The RA World ransomware group has been discovered using tools traditionally associated with a China-linked espionage group. The toolset variation, first seen in July, was a variant of the PlugX malware. Security company Symantec suggests the attacker may have been a longtime ransomware operator, linked to other China-based ransomware payloads. There are several theories about the motive: that it was meant to obscure evidence of the intrusion, though the ransomware didn't effectively hide the intrusion tools; that one actor was trying to make additional money; or that it was done for both financial and espionage reasons.
North Korean hackers spotted using ClickFix tactic to deliver malware
The North Korean group Kimsuky is employing a social engineering tactic called “ClickFix” to distribute malware to South Korean targets. The strategy tricks users into