{"id":47235,"date":"2022-06-23T13:00:12","date_gmt":"2022-06-23T13:00:12","guid":{"rendered":"http:\/\/2e40abd8-3759-4e44-8378-7347f7a2401f"},"modified":"2022-06-23T13:00:12","modified_gmt":"2022-06-23T13:00:12","slug":"these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/","title":{"rendered":"These hackers are spreading ransomware as a distraction &#8211; to hide their cyber spying"},"content":{"rendered":"<figure class=\"c-shortcodeImage u-clearfix c-shortcodeImage-large\">\n<div class=\"c-shortcodeImage_imageContainer\">\n<div class=\"c-shortcodeImage_image\"><picture class=\"c-cmsImage\"><!----> <img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/article\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/\" alt=\"shutterstock-1122656969.jpg\" height=\"800.1349755356841\" width=\"1200\"><\/picture><\/div>\n<p> <!----> <!----><\/div>\n<p> <!----><figcaption> <span class=\"c-shortcodeImage_credit g-outer-spacing-top-xsmall g-color-gray70 u-block g-text-xsmall\">Image: Shutterstock \/ BLACKDAY<\/span><\/figcaption><\/figure>\n<p>A group of likely state-backed cyber attackers have adopted a new loader to spread five different kinds of ransomware in a bid to hide their true espionage activities. <\/p>\n<p>On Thursday, cybersecurity researchers from Secureworks published <a href=\"https:\/\/www.secureworks.com\/blog\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">new research<\/a> on HUI Loader, a malicious tool that criminals have used widely since 2015.<\/p>\n<p>Loaders are small, malicious packages designed to stay undetected on a compromised machine. While often lacking much functionality as independent malware, they have one crucial task: to load and execute additional malicious payloads. <\/p>\n<p><strong>SEE: <a href=\"https:\/\/www.zdnet.com\/article\/phishing-gang-that-stole-millions-by-luring-victims-to-fake-bank-websites-is-broken-up-by-police\/\" rel=\"follow\">Phishing gang that stole millions by luring victims to fake bank websites is broken up by police<\/a><\/strong><\/p>\n<p><a href=\"https:\/\/malpedia.caad.fkie.fraunhofer.de\/details\/win.hui_loader\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">HUI Loader<\/a> is a custom DLL loader that can be deployed by hijacked legitimate software programs susceptible to DLL search order hijacking. Once executed, the loader will then deploy and decrypt a file containing the main malware payload. <\/p>\n<p>In the past, HUI Loader was used in campaigns by groups including APT10\/<a href=\"https:\/\/www.secureworks.com\/research\/threat-profiles\/bronze-riverside\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Bronze Riverside<\/a> \u2013 connected to the Chinese Ministry of State Security (MSS) \u2013 and <a href=\"https:\/\/securelist.com\/new-activity-of-the-blue-termite-apt\/71876\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Blue Termite<\/a>. The groups have deployed remote access trojans (RATs) including SodaMaster, PlugX, and QuasarRAT in previous campaigns. <\/p>\n<p>Now, it appears that the loader has been adapted to spread ransomware. <\/p>\n<p>According to Secureworks&#8217; Counter Threat Unit (CTU) research team, two activity clusters related to HUI Loader have been connected to Chinese-speaking threat actors. <\/p>\n<p>The first cluster is suspected of being the work of Bronze Riverside. This hacking group focuses on stealing valuable intellectual property from Japanese organizations and uses the loader to execute the SodaMaster RAT. <\/p>\n<p>The second, however, belongs to Bronze Starlight. SecureWorks believes that the threat actors&#8217; activities are also tailored for IP theft and cyber espionage. <\/p>\n<p>Targets vary depending on what information the cyber criminals are trying to obtain. Victims include Brazilian pharmaceutical companies, a US media outlet, Japanese manufacturers, and a major Indian organization&#8217;s aerospace and defense division. <\/p>\n<p><strong>SEE:&nbsp;<\/strong><a href=\"https:\/\/www.zdnet.com\/article\/ransomware-attacks-this-is-the-data-that-cyber-criminals-really-want-to-steal\/#link=%7B%22linkText%22:%22Ransomware%20attacks:%20This%20is%20the%20data%20that%20cyber%20criminals%20really%20want%20to%20steal%22,%22target%22:%22_blank%22,%22href%22:%22https:\/\/www.zdnet.com\/article\/ransomware-attacks-this-is-the-data-that-cyber-criminals-really-want-to-steal\/%22,%22role%22:%22standard%22,%22absolute%22:%22%22%7D\" rel=\"follow\"><strong>Ransomware attacks: This is the data that cyber criminals really want to steal<\/strong><\/a><\/p>\n<p>This group is the more interesting out of the two as they deploy five different kinds of ransomware post-exploit: LockFile, AtomSilo, Rook, Night Sky, and Pandora. The loader is used to deploy Cobalt Strike beacons during campaigns, which create a remote connection, and then a ransomware package is executed. <\/p>\n<p>CTU says that the threat actors have developed their versions of the ransomware from two distinct code bases: one for LockFile and AtomSilo, and the other for Rook, Night Sky, and Pandora.<\/p>\n<p>&#8220;Based on the order in which these ransomware families appeared starting in mid-2021, the threat actors likely first developed LockFile and AtomSilo and then developed Rook, Night Sky, and Pandora,&#8221; the team says. <\/p>\n<p>Avast has released a <a href=\"https:\/\/www.avast.com\/en-gb\/ransomware-decryption-tools#mac\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">decryptor<\/a> for LockFile and AtomSilo. When it comes to the other ransomware variants, it appears that they are all based on <a href=\"https:\/\/www.zdnet.com\/article\/mcafee-babuk-ransomware-decryptor-causes-encryption-beyond-repair\/\" rel=\"follow\">Babuk<\/a> source code. <\/p>\n<figure class=\"c-shortcodeImage u-clearfix c-shortcodeImage-large\">\n<div class=\"c-shortcodeImage_imageContainer\">\n<div class=\"c-shortcodeImage_image\"><picture class=\"c-cmsImage\"><!----> <img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/article\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/\" alt=\"comp\" height=\"426.58423493044825\" width=\"1200\"><\/picture><\/div>\n<p> <!----> <!----><\/div>\n<p> <!----><figcaption> <span class=\"c-shortcodeImage_credit g-outer-spacing-top-xsmall g-color-gray70 u-block g-text-xsmall\">Secureworks<\/span><\/figcaption><\/figure>\n<p>The loader has also been recently updated. In March, the cybersecurity researchers found a new version of HUI Loader that uses RC4 ciphers to decrypt the payload. The loader also now utilizes enhanced obfuscation code to try and disable Windows Event Tracing for Windows (ETW), Antimalware Scan Interface (AMSI) checks, and tamper with Windows API calls. <\/p>\n<p>&#8220;While Chinese government-sponsored groups have not historically used ransomware, there is precedent in other countries,&#8221; SecureWorks says. &#8220;Conversely, Chinese government-sponsored groups using ransomware as a distraction would likely make the activity resemble financially motivated ransomware deployments. However, the combination of victimology and the overlap with infrastructure and tooling associated with government-sponsored threat group activity indicate that Bronze Starlight may deploy ransomware to hide its cyberespionage activity.&#8221; <\/p>\n<h3> Previous and related coverage <\/h3>\n<hr>\n<p><strong>Have a tip?<\/strong> Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0<\/p>\n<hr>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Five ransomware strains have been linked to Bronze Starlight activities.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-47235","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>These hackers are spreading ransomware as a distraction - to hide their cyber spying 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"These hackers are spreading ransomware as a distraction - to hide their cyber spying 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-23T13:00:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/article\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"These hackers are spreading ransomware as a distraction &#8211; to hide their cyber spying\",\"datePublished\":\"2022-06-23T13:00:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/\"},\"wordCount\":626,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/\",\"name\":\"These hackers are spreading ransomware as a distraction - to hide their cyber spying 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/\",\"datePublished\":\"2022-06-23T13:00:12+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"These hackers are spreading ransomware as a distraction &#8211; to hide their cyber spying\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"These hackers are spreading ransomware as a distraction - to hide their cyber spying 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/","og_locale":"en_US","og_type":"article","og_title":"These hackers are spreading ransomware as a distraction - to hide their cyber spying 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-06-23T13:00:12+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/article\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"These hackers are spreading ransomware as a distraction &#8211; to hide their cyber spying","datePublished":"2022-06-23T13:00:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/"},"wordCount":626,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/","url":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/","name":"These hackers are spreading ransomware as a distraction - to hide their cyber spying 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/","datePublished":"2022-06-23T13:00:12+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/#primaryimage","url":"https:\/\/www.zdnet.com\/article\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/","contentUrl":"https:\/\/www.zdnet.com\/article\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-are-spreading-ransomware-as-a-distraction-to-hide-their-cyber-spying\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"These hackers are spreading ransomware as a distraction &#8211; to hide their cyber spying"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=47235"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47235\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=47235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=47235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=47235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}