February 13, 2025 By Bill Toulas
A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed carrying out a ransomware attack with a toolset previously attributed to espionage actors.
The hackers deployed the RA World ransomware against an Asian software and services company and demanded an initial ransom payment of $2 million.
Researchers from Symantec’s Threat Hunter Team observed the activity in late 2024 and highlight a potential overlap between state-backed cyber espionage actors and financially motivated cybercrime groups.
“During the attack in late 2024, the attacker deployed a distinct toolset that had previously been used by a China-linked actor in classic espionage attacks,” the researchers say, adding that “tools associated with China-based espionage groups are often shared resources” but “many aren’t publicly available and aren’t usually associated with cybercrime activity.”