APT 21 is another threat group that has been attributed to China’s Ministry of State Security (MSS).
They have been active since at least 2014, targeting the Russian government and groups that seek greater autonomy or independence from China, such as those from Tibet or Xinjiang.
History
Leveraging strategic Russian-language attachments themed around national security issues in lure documents. Historically, such social engineering content is indicative of a cyber espionage operation attempting to gain unauthorized access to privileged information concerning state security in Russia.
Using a custom malware called Zhenbao, a modular backdoor that can download and execute additional payloads, collect system information, and communicate with a command-and-control (C2) server.
Employing a variety of techniques to evade detection and analysis, such as obfuscating code, encrypting network traffic, and using legitimate tools and services for lateral movement and data exfiltration.