Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months
Briefly

"A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group's expansion to the country beyond Southeast Asia and South America. The activity, which took place from January to May 2025, has been attributed by Broadcom-owned Symantec to a threat actor it tracks as Jewelbug, which it said overlaps with clusters known as CL-STA-0049 (Palo Alto Networks Unit 42), Earth Alux (Trend Micro), and REF7707 (Elastic Security Labs)."
"The findings suggest Russia is not off-limits for Chinese cyber espionage operations despite increased "military, economic, and diplomatic" relations between Moscow and Beijing over the years. "Attackers had access to code repositories and software build systems that they could potentially leverage to carry out supply chain attacks targeting the company's customers in Russia," the Symantec Threat Hunter Team said in a report shared with The Hacker News. "Notably too, the attackers were exfiltrating data to Yandex Cloud.""
Jewelbug, a China-linked threat actor, conducted a five-month intrusion (January to May 2025) against a Russian IT service provider, expanding its operations beyond Southeast Asia and South America. The intruders gained access to code repositories and software build systems, creating the potential for supply-chain attacks against the provider's customers. Stolen data was exfiltrated to Yandex Cloud. Activity clusters tied to Jewelbug include Earth Alux, CL-STA-0049, and REF7707. Earth Alux has been active since at least Q2 2023, targeting government, technology, logistics, manufacturing, telecommunications, IT services, and retail organizations to deploy VARGEIT and COBEACON. CL-STA-0049 and REF7707 have distributed the FINALDRAFT (Squidoor) backdoor, which can infect both Windows and Linux. In this intrusion the attackers used a renamed copy of cdb.exe, the Microsoft command-line debugger, to run shellcode, bypass application allowlisting, launch executables, and load DLLs.
Read at The Hacker News