APT31: The Stealthy Cyberattacks on Russian IT Infrastructure by China-Linked Group

The advanced persistent threat (APT) group known as APT31, linked to China, carried out a series of cyberattacks against the Russian information technology (IT) sector from 2024 to 2025, often remaining undetected. Researchers from Positive Technologies, Daniil Grigoryan and Varvara Koloskova, reported that the group targeted Russian contractors and integrators working with government entities.

APT31, which has been active since at least 2010, has a history of engaging in cyber espionage aimed at gathering intelligence to benefit Beijing and its state-owned enterprises. Its operations span various sectors, including government, finance, aerospace, telecommunications, and more. Notably, Czech authorities accused APT31 of hacking into their Ministry of Foreign Affairs in May 2025.

The group’s attack methods involved using legitimate cloud services familiar to Russian users, like Yandex Cloud, for command-and-control and data exfiltration. This approach allowed APT31 to blend in with normal online activities, helping them avoid detection. Their tactics included sending spear-phishing emails carrying malicious attachments, like RAR archives, which activated a Cobalt Strike loader through DLL side-loading. For instance, an incident in December 2024 involved a spear-phishing email that lured victims with a ZIP file disguised as a report from the Ministry of Foreign Affairs of Peru.

To maintain persistence in compromised networks, APT31 used a range of tools, including scheduled tasks whose names mimicked legitimate applications such as Yandex Disk and Google Chrome. Tools observed included SharpADUserIP for reconnaissance, SharpChrome.exe for extracting passwords, and Tailscale VPN for creating encrypted connections. APT31 has continuously adapted its methods, combining public and custom tools to sustain long-term access to victims’ infrastructures.
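The persistence technique above, scheduled tasks named after software the user already trusts, is something a defender can triage mechanically: a task called after Google Chrome or Yandex Disk that does not run from that vendor's install directory, or that launches a DLL through rundll32/regsvr32 from a user-writable folder, deserves a look. The script below is an added example and not code from the Positive Technologies report; the vendor directory fragments, the writable-path list and the sample task entries are assumptions constructed for illustration.

```python
"""Triage Windows scheduled tasks whose names mimic legitimate software.

Added example (not from the report). Flags tasks whose name borrows a known
product name but whose action runs from a location that product does not
normally use. Directory conventions below are assumptions for illustration.
"""

# Brand keyword in the task name -> directory fragment the real product is
# expected to run from (assumption; adjust to your fleet's install layout).
EXPECTED_VENDOR_DIR = {
    "chrome": "\\google\\",
    "google": "\\google\\",
    "yandex": "\\yandex\\",
}

# Directories an unprivileged user can normally write to (assumption).
USER_WRITABLE = (
    "\\users\\public\\",
    "\\programdata\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
)

# Signed Windows binaries that execute a DLL named on their command line.
DLL_HOSTS = ("rundll32.exe", "regsvr32.exe")

# Constructed sample of a scheduled-task export; not real telemetry.
SAMPLE_TASKS = [
    {"name": "GoogleUpdateTaskMachineUA",
     "command": r'"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua'},
    {"name": "Yandex.Disk Sync",
     "command": r'"C:\Program Files\Yandex\YandexDisk\YandexDisk2.exe" /sync'},
    {"name": "Google Chrome Update",
     "command": r"C:\Users\Public\Libraries\chrome.exe --update"},
    {"name": "YandexDiskUpdater",
     "command": r"rundll32.exe C:\ProgramData\ydisk\update.dll,Start"},
]


def parse_command(command: str) -> tuple[str, str]:
    """Split a task action into (executable, arguments), honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            return command.strip('"'), ""
        return command[1:end], command[end + 1:].strip()
    parts = command.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def assess_task(name: str, command: str) -> list[str]:
    """Return human-readable reasons a task looks suspicious (empty if none)."""
    reasons = []
    exe, args = parse_command(command)
    exe_l, args_l, name_l = exe.lower(), args.lower(), name.lower()
    base = exe_l.rsplit("\\", 1)[-1]

    # Rule 1: task name borrows a brand but the binary is outside that vendor's directory.
    for keyword, vendor_dir in EXPECTED_VENDOR_DIR.items():
        if keyword in name_l and vendor_dir not in exe_l:
            reasons.append(f"name mimics '{keyword}' but runs {exe}")
            break

    # Rule 2: a DLL host is pointed at a module in a user-writable path.
    if base in DLL_HOSTS and any(d in args_l for d in USER_WRITABLE):
        reasons.append(f"{base} loads a DLL from a user-writable path")

    # Rule 3: the executable itself lives in a user-writable path.
    if any(d in exe_l for d in USER_WRITABLE):
        reasons.append(f"executable in user-writable path: {exe}")
    return reasons


def triage(tasks: list[dict]) -> dict[str, list[str]]:
    """Map each flagged task name to its list of reasons."""
    flagged = {}
    for task in tasks:
        reasons = assess_task(task["name"], task["command"])
        if reasons:
            flagged[task["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for task_name, why in triage(SAMPLE_TASKS).items():
        print(task_name)
        for reason in why:
            print("  -", reason)
```

On a real host the input would come from an export such as `schtasks /query /fo CSV /v` or `Get-ScheduledTask`, mapped into the same `name`/`command` fields. The rules are deliberately coarse; the point is that a legitimate updater task and a look-alike differ in where the action runs from, which the name alone will never reveal.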

These combined strategies have allowed APT31 to infiltrate networks and harvest sensitive information, such as email passwords and proprietary operational data, often remaining undetected for extended periods. The trend indicates a sophisticated evolution in the group’s tactics and highlights the ongoing threat posed by state-sponsored groups.
