A Chinese APT group called Jewelbug has conducted global cyber-espionage campaigns, including a rare intrusion into a Russian IT service provider’s network. The operation highlights a strategic shift in China-Russia cyber relations and demonstrates sophisticated techniques like cloud-based exfiltration and kernel-level manipulation. #Jewelbug #ChineseAPT #RussiaCyberIntrusion #YandexCloud #SupplyChainThreats
Key points
- Jewelbug targeted organizations across South America, South Asia, Taiwan, and Russia in recent months.
- The group held access to a Russian IT company's network for five months and reached its software repositories, a position from which code shipped to the provider's customers could have been tampered with.
- Data was exfiltrated to Yandex Cloud; because the service is a widely used Russian cloud provider, the outbound traffic blended in with ordinary network activity and was less likely to be flagged.
- A new Jewelbug backdoor uses the Microsoft Graph API and OneDrive as its command-and-control channel, hiding C2 traffic inside connections to a legitimate Microsoft service.
- The group also abused kernel-level drivers, dumped credentials, and deployed malware including ShadowPad and Finaldraft.
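As an added example (not code from the original post or from any vendor report on Jewelbug), the following Python script shows the kind of check a defender would run over web-proxy logs to surface the two behaviours listed above: bulk uploads to a cloud storage provider such as Yandex Cloud, and an unexpected process repeatedly polling OneDrive through the Microsoft Graph API. The log lines are constructed, and the process allow-list, the 50 MiB threshold and the three-poll trigger are assumptions for illustration; only the hostnames are real service endpoints.

```python
"""Flag suspicious cloud-storage and Graph/OneDrive traffic in proxy logs.

Added example, not from the original article. Log format, process allow-list
and thresholds are assumptions; storage.yandexcloud.net and
graph.microsoft.com are the real service hostnames.
"""
import re
from collections import defaultdict

# Hosts worth watching because both exfiltration and C2 can hide behind them.
WATCHED_HOSTS = {"storage.yandexcloud.net", "graph.microsoft.com"}

# Processes that legitimately talk to these services in this (assumed) estate.
EXPECTED_CLIENTS = {"onedrive.exe", "outlook.exe", "teams.exe", "msedge.exe", "chrome.exe"}

EXFIL_BYTES_THRESHOLD = 50 * 1024 * 1024   # assumed: 50 MiB sent to one host by one process
POLL_TRIGGER = 3                           # assumed: repeated OneDrive polls from an odd process

# Assumed proxy log layout: ts src process method url status bytes_out bytes_in
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<proc>\S+) (?P<method>[A-Z]+) "
    r"https?://(?P<host>[^/ ]+)(?P<path>\S*) (?P<status>\d{3}) (?P<out>\d+) (?P<in>\d+)$"
)

# Constructed sample log: a browser using OneDrive normally, a non-browser
# process polling a OneDrive folder through Graph and uploading a small file,
# and a bulk upload of an archive to Yandex Object Storage.
SAMPLE_LOG = """\
2025-01-10T09:00:01Z 10.1.5.23 msedge.exe GET https://graph.microsoft.com/v1.0/me/drive/root/children 200 812 20411
2025-01-10T09:05:12Z 10.1.5.23 svchost.exe GET https://graph.microsoft.com/v1.0/me/drive/root:/tasks:/children 200 640 1203
2025-01-10T09:06:13Z 10.1.5.23 svchost.exe GET https://graph.microsoft.com/v1.0/me/drive/root:/tasks:/children 200 640 1190
2025-01-10T09:07:14Z 10.1.5.23 svchost.exe GET https://graph.microsoft.com/v1.0/me/drive/root:/tasks:/children 200 640 1211
2025-01-10T09:07:15Z 10.1.5.23 svchost.exe PUT https://graph.microsoft.com/v1.0/me/drive/root:/tasks/out.bin:/content 201 4096 300
2025-01-10T09:10:00Z 10.1.7.40 rundll32.exe PUT https://storage.yandexcloud.net/bkt-7731/src-archive.7z 200 73400320 255
2025-01-10T09:12:00Z 10.1.7.40 chrome.exe GET https://storage.yandexcloud.net/public/index.html 200 500 8000
"""


def parse_line(line):
    """Parse one proxy log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["out"] = int(rec["out"])
    rec["in"] = int(rec["in"])
    rec["host"] = rec["host"].lower()
    rec["proc"] = rec["proc"].lower()
    return rec


def analyze(lines):
    """Return findings as dicts with src, proc, host, reason and bytes_out."""
    bytes_out = defaultdict(int)   # (src, proc, host) -> total bytes sent
    drive_polls = defaultdict(int) # (src, proc, host) -> GETs against the OneDrive API
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["host"] not in WATCHED_HOSTS:
            continue
        key = (rec["src"], rec["proc"], rec["host"])
        bytes_out[key] += rec["out"]
        if rec["host"] == "graph.microsoft.com" and rec["method"] == "GET" and "/drive" in rec["path"]:
            drive_polls[key] += 1

    findings = []
    for (src, proc, host), sent in bytes_out.items():
        # Rule 1: large upload volume to a cloud storage/API host, whoever sent it.
        if sent >= EXFIL_BYTES_THRESHOLD:
            findings.append({"src": src, "proc": proc, "host": host,
                             "reason": "bulk-upload-to-cloud-storage", "bytes_out": sent})
        # Rule 2: a process that is not a known OneDrive client keeps polling a drive
        # folder via Graph, the beaconing pattern of a file-drop C2 channel.
        if proc not in EXPECTED_CLIENTS and drive_polls[(src, proc, host)] >= POLL_TRIGGER:
            findings.append({"src": src, "proc": proc, "host": host,
                             "reason": "unexpected-process-polling-onedrive", "bytes_out": sent})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG.splitlines()):
        print(f"{f['src']} {f['proc']} -> {f['host']}: {f['reason']} ({f['bytes_out']} bytes out)")
```

Both rules need process attribution in the proxy log, which a plain forward proxy does not record; in practice that field comes from an endpoint agent joined to the proxy data. Tune the allow-list to the software actually deployed, and treat Rule 1 as a hunting query rather than an alert until the normal upload volume per host is known.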