Symantec researchers discovered Chinese APT group Jewelbug compromised a Russian IT service provider from early 2025 through May, marking a rare instance of Chinese cyber espionage targeting Russian infrastructure. The attackers gained months of undetected access to build servers and code repositories, positioning themselves for a potential supply chain attack on the provider's customers. They used renamed Microsoft tools, credential dumping, and Yandex Cloud for exfiltration to avoid detection. The incident challenges assumptions about China-Russia cyber cooperation and suggests Beijing views Russian systems as intelligence targets despite public diplomatic ties.