Updated on 2022-10-05: Chinese ransomware group
In a report published on Tuesday, French security firm Sygnia said it linked the Cheerscrypt and Night Sky ransomware strains to Emperor Dragonfly, a China-based threat actor. Read more: REVEALING EMPEROR DRAGONFLY: NIGHT SKY AND CHEERSCRYPT – A SINGLE RANSOMWARE GROUP
“Emperor Dragonfly – also known as DEV-0401, and BRONZE STARLIGHT – is a Chinese ransomware group that started operating in mid-2021. Unlike other ransomware groups, Emperor Dragonfly does not operate in an affiliate model and refrains from purchasing initial access from other threat actors. Instead, they manage all stages of the attack lifecycle on their own. The group often rebrand their ransomware payloads, which helps them stay under the radar and avoid sanctions – as they have the appearance of being several, smaller ransomware groups.”
Updated on 2022-10-04
Cybersecurity firm Sygnia linked activity involving the Linux-based ransomware strain Cheerscrypt to a Chinese cyberespionage group known as Bronze Starlight, DEV-0401, or Emperor Dragonfly. Read more: Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers
Overview: Cheerscrypt ransomware
Trend Micro has published a report on Cheerscrypt, a new strain of Linux ransomware used to encrypt data on VMware ESXi servers.