A Chinese nation-state threat actor has been caught conducting cyber espionage operations against two Russian defence research institutes using phishing emails that spoof the Russian Ministry of Health and contain malicious documents that exploit western sanctions against Russia as a lure.
The campaign was detected by threat analysts at Check Point Research and has been attributed to a Chinese nation-state actor. CPR found that the campaign has been running since the summer of 2021, long before the crisis in Ukraine escalated into war, and the threat actor used new and previously undocumented tools to evade detection.
