With Friends Like These: China Spies on Russian IT Orgs

Source: www.darkreading.com/cyberatta…

State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications.

On Nov. 20, Russian IT security vendor Positive Technologies detailed a longstanding espionage campaign against Russia’s IT sector. The culprit: China’s APT31 — also known as Judgment Panda, TA412, Violet Typhoon — an advanced persistent threat (APT) of a decade and a half, well-known for performing industrial espionage and intellectual property (IP) theft against thousands of worldwide organizations.

The first known evidence of APT31’s campaign against Russia’s IT sector dates back to the end of 2022, though the meat of the campaign appears to have occurred in 2024 and 2025. In many ways, the attacks have unfolded as most Chinese espionage campaigns do: APT31 distributed targeted phishing emails with archive files attached, containing decoy documents and its malware, executed in victims' systems using dynamic link library (DLL) sideloading.

Edward Kiledjian @ekiledjian