Researchers at Sentinel Labs and Recorded Future report that Chinese-linked cyberespionage campaigns are increasingly deploying ransomware. According to CyberScoop, their research suggests that ransomware is used in the final stage of cyberespionage operations to make money, distract adversaries, or make it more difficult to attribute their work:
The report that Chinese hackers are increasingly using ransomware comes as top U.S. officials continue to sound the alarm about what they say is aggressive Chinese prepositioning of cyber capabilities in sensitive U.S. civilian networks that would typically have no obvious espionage value. That activity, tracked publicly as Volt Typhoon, is designed to influence U.S. decision-making in the event of a conflict, officials have said.
The use of ransomware by Chinese-linked cyber operations is not unprecedented. Researchers with Mandiant have previously detailed activities tracked as APT41, which include state-sponsored espionage activity as well as “financially-motivated activity potentially outside of state control.” Researchers with Secureworks have also documented Chinese-linked intellectual property theft activity with ransomware deployment, as has Microsoft.
Source: CyberScoop