China-linked threat actors are targeting the government of Ukraine

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes.

Google’s Threat Analysis Group (TAG) researchers uncovered cyberespionage operations conducted by the Chinese People’s Liberation Army (PLA) and other China-linked APT groups that targeted Ukraine’s government to gather information on the ongoing conflict. Below is the tweet published by TAG chief Shane Huntley, who cited Google TAG Security Engineer Billy Leonard.

“It should come as no surprise that CN PLA and other CN intel orgs are acutely interested in the war in Ukraine. Over the last few weeks @Google TAG has identified a govt backed actor from CN targeting Ukrainian govt orgs, and we provided notifications to impacted parties.” wrote Leonard.

The Ukraine war isn’t only attracting interest from European threat actors. China is working hard here too. https://t.co/8bpXsGQvD7 — Shane Huntley (@ShaneHuntley) March 15, 2022

Google TAG team notified Ukrainian government organizations that were targeted by Chinese intelligence.

“Over the last few weeks Google TAG has identified a govt backed actor from CN targeting Ukrainian govt orgs, and we provided notifications to impacted parties,” Leonard said.

It should come as no surprise that CN PLA and other CN intel orgs are acutely interested in the war in Ukraine. Over the last few weeks @Google TAG has identified a govt backed actor from CN targeting Ukrainian govt orgs, and we provided notifications to impacted parties. https://t.co/WALjGL6v5Z — billy leonard (@billyleonard) March 15, 2022

While our priority is providing notifications to impacted parties, we’ve provided related IOCs to community partners, and we will publish more details for the security community in the near future. We will continue to update our recent blog as necessary. https://t.co/5ZJUgz3Snt — billy leonard (@billyleonard) March 15, 2022

The hacktivist collective group Intrusion Truth believes that the campaign was orchestrated directly by the Chinese government. The group announced that it is sharing IOCs with community partners and plans to provide additional details on the ongoing attacks in the future.

Google recently announced that it had blocked a phishing campaign conducted by the China-linked cyberespionage group APT31 (aka Zirconium, Judgment Panda, and Red Keres) and aimed at Gmail users associated with the U.S. government.

Google also reported that the China-linked Mustang Panda cyberespionage group (aka Temp.Hex) has targeted European entities with lures related to the Ukrainian invasion. In some attacks spotted by Google, threat actors used malicious attachments with file names such as ‘Situation at the EU borders with Ukraine.zip’. The researchers pointed out that this is the first time they observed Mustang Panda targeting European entities; the group was regularly observed targeting Southeast Asian organizations.

Pierluigi Paganini

(SecurityAffairs – hacking, Ukraine)

The post China-linked threat actors are targeting the government of Ukraine appeared first on Security Affairs.