Google's Threat Analysis Group (TAG) reports that the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to intercept information from Ukraine.
Google TAG security engineer Billy Leonard says Google has alerted Ukrainian government agencies to a Chinese-funded hacking group.
"In recent weeks, Google TAG has identified a group backed by the government of China that is targeting Ukrainian government organizations, and we have notified the affected parties," said Leonard.
"While our priority is providing notifications to the affected parties, we have also given the relevant IOCs to community partners and will publish more details for the security community in the near future."
The team leader, Shane Huntley, also confirmed Leonard's statements, saying that "the war in Ukraine is not only attracting the interest of European hackers. China is trying hard too."
This is in line with the claims of Intrusion Truth, a group known for its work in exposing suspected Chinese hackers.
Intrusion Truth also asked infosec experts to share any indicators or samples linked to Chinese malicious activity in Ukraine through public or anonymous channels.
I would assume this is cyber espionage, which would be expected, although still not good. https://t.co/SeJWEYrWRv
— John Hultquist (@JohnHultquist) March 15, 2022
The Google TAG report on ongoing Chinese cyber operations in Ukraine follows another warning issued a week ago about a Chinese-backed hacking team (APT31) targeting Gmail users linked to the US government.
A day earlier, Google security analysts revealed that Russians and Belarusians targeted Ukrainian and European governmental and military organizations in widespread phishing and DDoS attacks.
"Over the past 12 months, TAG has issued hundreds of alerts about government-sponsored attacks on Ukrainian users," said Shane Huntley, head of Google TAG.
Google added that the Chinese-backed hacking group Mustang Panda (also known as Temp.Hex and TA416) has also turned to phishing attacks against European organizations.