Chinese hackers are increasingly deploying ransomware, researchers say | CyberScoop<\/title> <meta name=\"description\" content=\"Elite state-backed hackers are embracing the use of ransomware to obfuscate their operations. \"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Chinese hackers are increasingly deploying ransomware, researchers say\"> <meta property=\"og:description\" content=\"Elite state-backed hackers are embracing the use of ransomware to obfuscate their operations. \"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-06-26T10:00:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-06-26T00:02:51+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1719250562g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1719360210g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1716385020g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80809\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.5.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80809\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchinese-hackers-are-increasingly-deploying-ransomware-researchers-say%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchinese-hackers-are-increasingly-deploying-ransomware-researchers-say%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80809 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.886509635974\">\n<div class=\"single-article__header-content\" readability=\"28.878048780488\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> Elite state-backed hackers are embracing the use of ransomware to obfuscate their operations. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-5.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Members of the People\u2019s Liberation Army flag honour guard march in Tiananmen Square after the closing session of the NPC, or National People\u2019s Congress at the Great Hall of the People on March 11, 2024 in Beijing, China. (Photo by Kevin Frayer\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"50.371617989608\"><body readability=\"101.6077917213\"><\/p>\n<p>Chinese-linked cyberespionage campaigns are increasingly deploying ransomware as the final stage in operations to either make money, distract their adversaries or make it more difficult to attribute their work, researchers with SentinelLabs and Recorded Future said Wednesday. <\/p>\n<p>Historically, cyberespionage groups working on behalf of states have mostly eschewed the use of ransomware, but that appears to now be changing as state-backed hackers are increasingly using the epidemic of ransomware to hide their operations. According to <a href=\"https:\/\/s1.ai\/Chamel-r\">Wednesday\u2019s report<\/a>, apparent ransomware attacks against the Brazilian presidency and the All India Institute of Medical Sciences (AIIMS), carried out in 2022 and so far unattributed, were in fact the work of a suspected Chinese-linked cyberespionage operation tracked as ChamelGang, or CamoFei. <\/p>\n<p>Cyberespionage disguised as ransomware provides \u201can opportunity for adversarial countries to claim plausible deniability by attributing the actions to independent cybercriminal actors rather than state-sponsored entities,\u201d SentinelLabs Senior Threat Researcher Aleksandar Milenkoski and Recorded Future Senior Threat Researcher Julian-Ferdinand V\u00f6gele write in the report. <\/p>\n<p>Misattributing cyberespionage as purely financially motivated cybercrime can also have strategic repercussions, the researchers said, particularly in cases where supposed ransomware attacks target government or critical infrastructure organizations.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Ransomware attacks typically lock files and data, with attackers only making them available after a ransom is paid. Other times, ransomware operators never decrypt the data in question, turning a ransomware attack into a destructive attack. In the aftermath of such an attack, the onus is typically on getting systems back online and restoring encrypted data to the greatest extent possible. That plays into the hands of cyberespionage groups, who can masquerade as destructive ransomware operators and carry out attacks that destroy intrusion-related artifacts, making it difficult to attribute their operations. <\/p>\n<p>Police in Delhi called the November 2022 AIIMS attack an act of \u201ccyber terrorism,\u201d <a href=\"https:\/\/www.hindustantimes.com\/cities\/delhi-news\/aiims-server-outage-being-probed-as-cyber-terror-act-delhi-police-101669308187997.html\">Indian media reported at the time<\/a>, with <a href=\"https:\/\/www.ndtv.com\/india-news\/aiims-delhi-server-attack-was-by-chinese-5-physical-servers-infiltrated-by-hackers-data-retrieved-now-government-sources-3605639\">anonymous government officials<\/a> there saying the attack was carried out \u201cby the Chinese\u201d and represented a possible \u201chostile cross-border attack.\u201d<\/p>\n<p>The Indian and Brazilian embassies in Washington, D.C., did not respond to a request for comment ahead of the report\u2019s release.<\/p>\n<p>Liu Pengyu, spokesman for the Chinese Embassy in Washington, D.C., told CyberScoop in an email that China \u201cfirmly opposes and combats cyber attacks and cyber theft in all forms.\u201d <\/p>\n<p>\u201cGiven the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, identifying the source of cyber attacks is a complex technical issue,\u201d Pengyu said. \u201cWe hope that relevant sides will adopt a professional and responsible attitude and underscore the importance to have enough evidence when identifying cyber-related incidents, rather than make groundless speculations and allegations.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The report that Chinese hackers are increasingly using ransomware comes as top <a href=\"https:\/\/cyberscoop.com\/feds-chinese-hacking-operations-have-been-in-critical-infrastructure-networks-for-five-years\/\">U.S. officials continue to sound the alarm<\/a> about what they say is <a href=\"https:\/\/cyberscoop.com\/fbi-warns-china-preparing-for-disruptive-attacks\/\">aggressive Chinese prepositioning of cyber capabilities<\/a> in sensitive U.S. civilian networks that would typically have no obvious espionage value. That activity, <a href=\"https:\/\/cyberscoop.com\/tag\/volt-typhoon\/\">tracked publicly as Volt Typhoon<\/a>, is designed to influence U.S. decision-making in the event of a conflict, officials have said. <\/p>\n<p>The use of ransomware by Chinese-linked cyber operations is not unprecedented. Researchers with <a href=\"https:\/\/services.google.com\/fh\/files\/misc\/apt41-a-dual-espionage-and-cyber-crime-operation.pdf\">Mandiant have previously detailed<\/a> activities tracked as APT41, which include state-sponsored espionage activity as well as \u201cfinancially-motivated activity potentially outside of state control.\u201d <a href=\"https:\/\/www.secureworks.com\/research\/bronze-starlight-ransomware-operations-use-hui-loader\">Researchers with Secureworks<\/a> have also documented Chinese-linked intellectual property theft activity with ransomware deployment, as has <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/05\/09\/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself\/#DEV-0401\">Microsoft<\/a>.<\/p>\n<p>Russian military intelligence has also used disruptive and destructive malware \u2014 including ransomware \u2014 during its ongoing assault on Ukraine, according to <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/gru-disruptive-playbook\">a July 2023 analysis from Mandiant<\/a>. Ransomware temporarily misdirects attribution and amplifies the psychological aspect of a given operation, the researchers said, and allows the GRU to \u201cmore rapidly replenish its arsenal with new, undetected disruptive tools than it could have by developing them in-house.\u201d<\/p>\n<p>Ransomware as part of state-aligned operations could also be useful as a smoke screen of sorts that serves a variety of goals, said Ben Carr, advisory chief information security officer with Halcyon. <\/p>\n<p>\u201cPart of it is to do with intelligence gathering, understanding what could they do if they really wanted to do something potentially much more malicious. How would that look?\u201d Carr said. \u201cIt\u2019s almost wargaming, in essence.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Wednesday\u2019s report also includes analysis of a separate cluster of cyberespionage-related activity using off-the-shelf tools that targeted U.S. manufacturers and a variety of industries in North and South America and in Europe. The attribution on the second cluster is less clear, the researchers said, but has some overlap with past Chinese and North Korean-linked activity. <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.1327800829876\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-1.jpg?w=640&ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"19.05\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/chinese-cyber-espionage-campaign-targets-dozens-of-western-governments-dutch-officials-say\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"506\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-2.jpg?resize=506%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-6.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-6.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-6.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-6.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-6.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-6.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\"> <\/a><figcaption class=\"screen-reader-text\"> Tulips bloom against a backdrop of high-rise buildings on May 3, 2018, in The Hague, Netherlands. (Photo by Yuriko Nakao\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"2.1155555555556\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/chinese-cyber-espionage-campaign-targets-dozens-of-western-governments-dutch-officials-say\/\"> Chinese cyber espionage campaign targets \u2018dozens\u2019 of Western governments, Dutch officials say <\/a> <\/h3>\n<p> The ongoing operation claims international organizations and the defense industry as its victims, per authorities. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/aj-vicens\/\"> AJ Vicens <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/china-hacking-operational-relay-box-networks\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-3.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-7.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-7.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-7.jpg?resize=768,513 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-7.jpg?resize=1024,684 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-7.jpg?resize=1536,1026 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-7.jpg?resize=600,401 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-7.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-7.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-7.jpg?resize=1011,675 1011w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-7.jpg?resize=1263,843 1263w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Internet connector into a LAN router switch. (Yori Meirizan\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/china-hacking-operational-relay-box-networks\/\"> Chinese-linked hacking units increasingly use \u2018ORBs\u2019 to obfuscate espionage, researchers say <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/aj-vicens\/\"> AJ Vicens <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/microsoft-ai-election-taiwan\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-4.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-8.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-8.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-8.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-8.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-8.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-8.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-8.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-8.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-8.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say-8.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Confetti flies over the stage and crowd as Taiwan\u2019s president-elect from the Democratic Progressive Party, Lai Ching-te, speaks to supporters at a rally at the party\u2019s headquarters on January 13, 2024 in Taipei, Taiwan. Lai was among the politicians targeted by AI-generated propaganda. (Photo by Annice Lyn\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/microsoft-ai-election-taiwan\/\"> Chinese hackers turn to AI to meddle in elections <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/derek-johnson\/\"> Derek B. Johnson <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chinese hackers are increasingly deploying ransomware, researchers say | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,1753,302,46,2015,966,1498],"tags":[277,1756,306,54,2017,969,1499],"class_list":["post-4183","post","type-post","status-publish","format-standard","hentry","category-china","category-cyber-espionage","category-geopolitics","category-ransomware","category-recorded-future","category-sentinellabs","category-volt-typhoon","tag-china","tag-cyber-espionage","tag-geopolitics","tag-ransomware","tag-recorded-future","tag-sentinellabs","tag-volt-typhoon"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cyber-espionage\/\" rel=\"category tag\">cyber espionage<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/recorded-future\/\" rel=\"category tag\">Recorded Future<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sentinellabs\/\" rel=\"category tag\">SentinelLabs<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/volt-typhoon\/\" rel=\"category tag\">Volt Typhoon<\/a>","tag_info":"Volt Typhoon","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4183"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4183\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":4183,"date":"2024-06-26T05:00:00","date_gmt":"2024-06-26T10:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80809"},"modified":"2024-06-26T05:00:00","modified_gmt":"2024-06-26T10:00:00","slug":"chinese-hackers-are-increasingly-deploying-ransomware-researchers-say","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/06\/26\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say\/","title":{"rendered":"Chinese hackers are increasingly deploying ransomware, researchers say"},"content":{"rendered":"