According to Google’s Threat Analysis Group (TAG), the Chinese People’s Liberation Army (PLA) and other Chinese intelligence organizations are seeking to learn more about the ongoing Russian war in Ukraine.
According to Google TAG Security Engineer Billy Leonard, a Chinese-sponsored hacker outfit targeted Ukrainian government organizations.
“Over the last few weeks, Google TAG has detected a government-backed actor from CN targeting Ukrainian government organizations, and we’ve notified those affected,” Leonard added.
“While notifying impacted parties is our first priority, we’ve shared related IOCs with community partners and will offer further data to the security community in the near future.”
Shane Huntley, the group’s leader, echoed Leonard’s assessment, saying: “The conflict in Ukraine is gaining attention from more than just European threat actors. China is also putting forth a lot of effort in this area.”
This coincides with statements made on Tuesday by Intrusion Truth, a shadowy organization known for exposing alleged Chinese cyber activities, that it is aware of Chinese threat actors targeting Ukraine, most likely at the request of the Chinese government.
In addition, Intrusion Truth invited information security specialists to disclose any signs or samples related to Chinese malicious activities in Ukraine via public or anonymous channels.
State-sponsored cyber-attacks are also aimed at Europe
The revelation by Google TAG on continued Chinese cyber activities in Ukraine comes on the heels of another warning given a week ago about a Chinese-backed hacker outfit known as APT31 targeting Gmail accounts linked with the US government.
A day earlier, Google security experts disclosed that Russian and Belarusian phishing and DDoS operations targeted Ukrainian and European government and military organizations.
“Over the last year, TAG has sent hundreds of government-backed attack alerts to Ukrainian users, notifying them that they have been the subject of government-backed hacking, primarily from Russia,” said Shane Huntley, Google’s TAG head.
Mustang Panda (aka Temp.Hex and TA416), a Chinese-backed hacking outfit, has also turned to phishing attacks targeting European firms using lures connected to the invasion of Ukraine, according to Google.
Proofpoint announced the same day that Mustang Panda had been phishing “European diplomatic entities, including an individual involved in refugee and migration services.”