Several ransomware families have been used by Bronze Starlight, a state-sponsored hacker outfit with ties to China, to mask the true purpose of its assaults.
The threat group began employing the HUI Loader in attacks as early as mid-2021 to drop ransomware like AtomSilo, LockFile, Night Sky, Pandora, and Rook. Researchers with cybersecurity company Secureworks believe that Bronze Starlight is more likely motivated by cyberespionage and intellectual property (IP) theft than financial gain due to the short lifespan of each ransomware family, victimology, and access to tools used by Chinese nation-state threat actors (including known vulnerabilities and the HUI Loader).
HUI Loader has been used to distribute malware such as Cobalt Strike, QuasarRAT, PlugX, and SodaMaster as well as remote access Trojans (RATs) at least since 2015.
Read More: https://www.securityweek.com/chinese-apt-bronze-starlight-uses-ransomware-disguise-cyberespionage