Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

China-Linked APT31 Strikes Europe

August 1, 2023
Reading Time: 2 mins read
in Alerts
China-Linked APT31 Strikes Europe

A nation-state actor believed to have connections to China, known as APT31 or Bronze Vinewood, is suspected of conducting a series of cyberattacks targeting industrial organizations in Eastern Europe. The attacks occurred last year and aimed to extract data from air-gapped systems.

Cybersecurity company Kaspersky has attributed the intrusions to APT31 with medium to high confidence, citing similarities in tactics used by the hacking crew.

The attacks involved the use of more than 15 distinct implants, categorized based on their functions: establishing persistent remote access, gathering sensitive information, and transmitting the collected data to the actor-controlled infrastructure.

One of the implant types identified by Kaspersky was a sophisticated modular malware specifically designed to profile removable drives and exfiltrate data from isolated networks of industrial organizations in Eastern Europe. Another implant type was found to be responsible for stealing data from local computers and sending it to Dropbox using next-stage implants.

APT31 was also observed using various versions of a malware family called FourteenHi, along with a first-stage backdoor named MeatBall, to facilitate remote access and initial data gathering.

Additionally, a third type of first-stage implant utilized Yandex Cloud for command-and-control, indicating the threat actor’s tendency to abuse cloud services for malicious activities. These sophisticated tactics included hiding payloads in encrypted form in separate binary data files and concealing malicious code in the memory of legitimate applications via DLL hijacking and memory injections.

Although primarily targeted at Windows systems, evidence suggests that APT31 has also set its sights on Linux systems. Recent attacks on South Korean companies involved the deployment of a backdoor called Rekoobe, capable of receiving commands from a command-and-control server to perform various malicious functions, including downloading files, stealing internal data, and executing reverse shells.

ASEC, the AhnLab Security Emergency Response Center, detected these attacks and highlighted the use of encryption by Rekoobe to evade network packet detection.

Reference:
  • Kaspersky uncovers malware for targeted data exfiltration from air-gapped environments
Tags: APT31August 2023Bronze VinewoodChinaCyber AlertCyber Alerts 2023CyberattackCybersecurityEastern EuropeEuropeSensitive datasensitive information
ADVERTISEMENT

Related Posts

Apple Backports Fix For Exploited Bug

Apple Backports Fix For Exploited Bug

September 18, 2025
Apple Backports Fix For Exploited Bug

FileFix Uses Steganography To Drop StealC

September 18, 2025
Apple Backports Fix For Exploited Bug

Google Removes 224 Android Malware Apps

September 18, 2025
DHS Data Hub Leaked Sensitive Intel

ChatGPT Calendar Flaw Lets Email Theft

September 17, 2025
DHS Data Hub Leaked Sensitive Intel

Windows Update Breaks SMBv1 Shares

September 17, 2025
DHS Data Hub Leaked Sensitive Intel

Scattered Spider Returns Despite Exit

September 17, 2025

Latest Alerts

FileFix Uses Steganography To Drop StealC

Apple Backports Fix For Exploited Bug

Google Removes 224 Android Malware Apps

ChatGPT Calendar Flaw Lets Email Theft

Windows Update Breaks SMBv1 Shares

Scattered Spider Returns Despite Exit

Subscribe to our newsletter

    Latest Incidents

    AI Forged Military IDs Used In Phishing

    Insight Partners Warns After Data Breach

    ShinyHunters Claims Salesforce Data Theft

    DHS Data Hub Leaked Sensitive Intel

    Worm Infects 180 npm Packages

    Jaguar Land Rover Delays Restart After Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial