Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months

A Chinese-linked threat actor, Jewelbug, conducted a five-month intrusion campaign against a Russian IT service provider, expanding its operations beyond Asia and Latin America. The campaign involved techniques such as supply chain attacks, credential dumping, and the use of legitimate cloud services for command-and-control (C2), highlighting the group's evolving cyber espionage capabilities. #Jewelbug #SupplyChainAttack

Key points

  • The threat actor Jewelbug targeted a Russian IT service provider from January to May 2025.
  • Jewelbug employed techniques such as credential dumping, scheduled-task persistence, and log clearing to hide its activity.
  • The group used legitimate cloud services such as Yandex Cloud and Microsoft Graph API for command-and-control.
  • Previous attacks linked to Earth Alux and CL-STA-0049 involved malware such as VARGEIT, COBEACON, and the FINALDRAFT backdoor.
  • The campaign indicates Chinese cyber espionage interests extend into Russia despite diplomatic ties, with increased activity in Asia-Pacific and Latin America.

Read More: https://thehackernews.com/2025/10/chinese-threat-group-jewelbug-quietly.html