Hurricane Panda hacker group attacked Russia for the first time

by alex

The hacker group APT31, which is associated with the Chinese intelligence services, has attacked Russian digital infrastructure for the first time. The number of targets and the names of the victim companies have not been disclosed due to the privacy policy. The group previously attacked participants in the 2020 US presidential election, as well as government agencies in Norway, France and Germany. APT31 is also known as Hurricane Panda and Zirconium.

Representatives of Positive Technologies, a cybersecurity company, told Sekret about the APT31 group's attack on Russian computers. Since the beginning of 2021, the hackers have also tried to gain access to computers in Belarus, Mongolia, the United States and Canada.

To carry out the attack, the APT31 operators send out phishing emails. Each contains a link to a fake domain that looks like the site of a government agency. When the user clicks the malicious link, a Trojan is installed on their computer and gains control of the device.

At the same time, according to a representative of Positive Technologies, hackers from the APT31 group use copies of digital signatures that antivirus programs identify as original, so the Trojan is treated as certified software.

Anton Yudakov, Director of the Solar JSOC Counter-Cyber Attack Center at Rostelecom-Solar, told RBC that the main goal of APT31 is to maintain a constant presence in the computer infrastructure for cyber espionage.

“Russia, like many other countries, is no exception and falls under the gun of this group,” he said.

The APT31 group has been known since the early 2010s. The letters APT in the name stand for “advanced persistent threat”, that is, a group that conducts complex targeted attacks. In the fall of 2020, Microsoft reported on recorded attacks on approximately 1,000 computers of US presidential candidates. According to the company's specialists, APT31 operates from China. The British authorities, in turn, linked the group with the Ministry of State Security of the PRC.

Earlier, “Secret” wrote that hackers demanded $50 million from Saudi Aramco after the data leak.
