The RA World ransomware group has been observed using tools traditionally associated with a China-linked espionage group. The tooling, first seen in July, included a variant of the PlugX malware. Security company Symantec suggests the attacker may be a longtime ransomware operator with links to other China-based ransomware payloads. Several explanations have been proposed: that the ransomware was deployed to obscure evidence of the intrusion (although it did not effectively hide the intrusion tools), that a single actor was moonlighting to earn extra money, or that the operation served both financial and espionage goals.
![](https://healsecurity.com/wp-content/uploads/2025/01/fbi-issues-guidance-for-enterprises-as-fake-north-korean-it.jpg)
Threat actors are leaning on trusted services more than ever
Researchers have observed that threat actors are now using legitimate, trusted services as part of their attack chains. This trend highlights the growing complexity and sophistication