Threat researchers believe two Chinese hacking groups are using ransomware attacks to cover up cyber espionage campaigns against western and Japanese companies. Chinese state-sponsored groups are in search of sensitive information and use financially motivated attacks to mask their true goals. Two clusters of activity were analyzed by SecureWorks including “Bronze Riverside” (APT41) and “Bronze Starlight” (APT10), both using the HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike, and QuasarRAT. SecureWorks researchers found that starting in March of 2022 Bronze Starlight leveraged Cobalt Strike to deploy ransomware strains such as LockFile, AtomSilo, Rook, Night Sky, and Pandora. These...