China-linked threat actors are targeting the government of Ukraine

Pierluigi Paganini March 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine ’s government for intelligence purposes.

Google’s Threat Analysis Group (TAG) researchers uncovered cyberespionage operations conducted by the Chinese People’s Liberation Army (PLA) and other China-linked APT groups and that targeted Ukraine ‘s government to gather info on the ongoing conflict. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard.

“It should come as no surprise that CN PLA and other CN intel orgs are acutely interested in the war in Ukraine. Over the last few weeks @Google TAG has identified a govt backed actor from CN targeting Ukrainian govt orgs, and we provided notifications to impacted parties.” wrote Leonard.

Google TAG team notified Ukrainian government organizations that were targeted by Chinese intelligence.

“Over the last few weeks Google TAG has identified a govt backed actor from CN targeting Ukrainian govt orgs, and we provided notifications to impacted parties,” Leonard said.


The hacktivist collective group Intrusion Truth believes that the campaign was orchestrated directly by the Chinese government. The group announced that it is sharing IOCs with community partners and plan to provide additional details on the ongoing attacks in the future.

Google recently announced to have blocked a phishing campaign originating conducted by China-linked cybereaspionage group APT31 (aka Zirconium, Judgment Panda, and Red Keres) and aimed at Gmail users associated with the U.S. government.

Google also reported that China-linked Mustang Panda cyberespionage group (aka Temp.Hex) have targeted European entities with lures related to the Ukrainian invasion. In some attacks spotted by Google, threat actors used malicious attachments with file names such as ‘Situation at the EU borders with Ukraine.zip’. The researchers pointed out that this is the first time they observed Mustang Panda targeting European entities, the group was regularly observed targeting Southeast Asian organizations.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Ukraine)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment