Threat actors linked to China deployed a tool associated with China-based APT groups in the November 2024 RA World ransomware attack on an Asian software firm.
The attack suggests that the threat actor may be acting independently as a ransomware operator.
The tools used in the attack are commonly associated with China-based espionage groups, indicating a potential link to cyber espionage.
The attacker may have used the ransomware attack as a diversion, but failed to hide the espionage tools and actively pursued ransom negotiations.