Cybersecurity firm Kaspersky observed a new APT31 campaign targeting industrial organizations in Eastern Europe. APT31, also known as Zirconium, Judgement Panda, Bronze Vinewood, and Red Keres, is strongly linked to the Chinese government.

The attacks occurred in 2022, and Kaspersky recently concluded its investigation. Instead of attacking industrial control systems, the hackers sought to establish permanent data-theft channels through malware-infected removable drives. The group used two variants of malware, FourteenHi and MeatBall. The first is capable of uploading or downloading files, running commands, and initiating reverse shells. The second establishes extensive remote access capabilities. Kaspersky’s report includes indicators of compromise, technical details, and an overview of the tactics APT31 employed during this campaign.

Read More: