Chinese state-linked hackers have breached a Russian IT service provider in what appears to be an espionage campaign, targeting software repositories and using legitimate cloud services for data exfiltration. This incident highlights ongoing Chinese cyber activities expanding even into allied nations like Russia, with potential for widespread cyber-espionage operations.

#Jewelbug #EarthAlux #YandexCloud
Key points
- Chinese threat actors targeted a Russian IT provider as part of a long-term espionage campaign.
- The hackers accessed software build and code repositories between January and May 2025.
- The group utilized Yandex Cloud to exfiltrate data, reducing detection risk.
- Jewelbug has expanded its operations to target government and corporate entities across multiple regions.
- The campaign indicates Russian and Chinese cyber interests are intersecting in ongoing espionage activities.
Read More: https://therecord.media/rare-china-linked-intrusion-russian-tech-firms