
"APT31, also known as Altaire, Bronze Vinewood, Judgement Panda, PerplexedGoblin, RedBravo, Red Keres, and Violet Typhoon (formerly Zirconium), is assessed to be active since at least 2010. It has a track record of striking a wide range of sectors, including governments, financial, and aerospace and defense, high tech, construction and engineering, telecommunications, media, and insurance. The cyber espionage group is primarily focused on gathering intelligence that can provide Beijing and state-owned enterprises with political, economic, and military advantages."
"The attacks aimed at Russia are characterized by the use of legitimate cloud services, mainly those prevalent in the country, like Yandex Cloud, for command-and-control (C2) and data exfiltration in an attempt to blend in with normal traffic and escape detection. The adversary is also said to have staged encrypted commands and payloads in social media profiles, both domestic and foreign, while also conducting their attacks during weekends and holidays."
During 2024–2025, the Russian IT sector, particularly companies serving as contractors and integrators for government agencies, experienced a series of targeted intrusions. APT31, active since at least 2010 and known by multiple aliases, pursued intelligence to benefit Beijing and state-owned enterprises across political, economic, and military domains. The group targeted governments, finance, aerospace and defense, high tech, construction and engineering, telecommunications, media, and insurance. Attack techniques included leveraging legitimate cloud services such as Yandex Cloud for C2 and data exfiltration, placing encrypted commands and payloads in social media profiles, and timing activity for weekends and holidays. Some breaches dated back to late 2022 with escalation around major holidays.
Read at The Hacker News