Ransomware Attacks Linked to Chinese Cyber Espionage Group APT27 - Cybers Guards

The cyberspies appear to have recently turned to financially motivated attacks. The attack, described in a comprehensive study by boutique cybersecurity services firm Profero together with Security Joes, has parallels in code and TTPs with the DRBControl operation that Trend Micro linked to the Chinese APT groups APT27 and Winnti in early 2020.

The victim was infected through a third-party service provider that had itself been compromised by another third-party service provider. The Windows feature BitLocker was used to encrypt core servers in the compromised enterprise. The use of BitLocker, a tool already present on the host, rather than dedicated ransomware was also unusual for a ransomware attack.

During their analysis of the ransomware attack, Security Joes and Profero researchers found a backdoor they linked to DRBControl, as well as an ASPXSpy webshell, a PlugX sample, and Mimikatz. "With regard to who is behind this particular infection chain, in terms of code similarity and TTPs, there are extremely strong links to APT27 / Emissary Panda," the security researchers claim.

This, however, does not appear to be an isolated instance of ransomware linked to the Chinese hacking group: Positive Technologies described an APT27 attack in which the Polar ransomware was used in late November 2020.

APT27 is known for cyber espionage activity targeting hundreds of organizations around the world, has been active since at least 2010, and is tracked by numerous security firms under names such as Emissary Panda, TG-3390, Iron Tiger, Bronze Union, and Lucky Mouse. The group has also targeted, among others, U.S. military contractors, a European drone manufacturer, financial sector companies, and a national data center in Central Asia, in addition to government agencies.
"Previously, APT27 was not necessarily focused on financial gain, so it is extremely unusual to use ransomware actor tactics, but this incident occurred at a time when COVID-19 was raging across China, with lockdowns being put in place, so it would not be surprising to shift to a financial focus," Profero said.

Targeting gambling and betting operations in Southeast Asia, DRBControl stood out for its use of specific backdoors, alongside malware such as the PlugX RAT, Trochilus RAT, HyperBro backdoor, and the Cobalt Strike implant.
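Because the attack above encrypted core servers with BitLocker, a feature already on the host, rather than with a ransomware payload that file-based detections would catch, a defender needs to know which server volumes are encrypted and who holds the key protectors. The script below is an added example and is not code from the article or from the Profero/Security Joes report. It assumes a Windows Server with the BitLocker PowerShell module installed, an elevated session, and a hypothetical allow-list parameter `$ExpectedEncrypted` of mount points where encryption is legitimate; it flags any protected volume outside that list and any volume with no recovery password escrowed, then lists recent entries from the BitLocker management event log so the operator can see when protection was enabled.

```powershell
# Added example (not from the article or the Profero/Security Joes report):
# audit BitLocker state on a server where full-volume encryption is not expected,
# so that an attacker enabling it, as described above, is noticed early.
# Assumes: BitLocker PowerShell module present, script runs elevated,
# $ExpectedEncrypted is a hypothetical allow-list supplied by the operator.
#Requires -RunAsAdministrator

param(
    # Mount points where BitLocker is legitimately on (hypothetical allow-list).
    [string[]]$ExpectedEncrypted = @(),
    # How far back to look in the BitLocker management log.
    [int]$LookbackHours = 24
)

Import-Module BitLocker -ErrorAction Stop

$findings = @()

foreach ($vol in Get-BitLockerVolume) {
    $protectorTypes = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

    # Protection on, or encryption in progress, on a volume not on the allow-list.
    $unexpected = ($vol.ProtectionStatus -eq 'On' -or $vol.VolumeStatus -ne 'FullyDecrypted') -and
                  ($ExpectedEncrypted -notcontains $vol.MountPoint)

    # No escrowed recovery password means the operator cannot recover the volume
    # without whoever set the other protector; that is the ransomware pattern.
    $noRecovery = ($protectorTypes -notcontains 'RecoveryPassword')

    $findings += [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionPct    = $vol.EncryptionPercentage
        Protectors       = ($protectorTypes -join ',')
        Unexpected       = $unexpected
        NoRecoveryPwd    = $noRecovery
    }
}

$findings | Format-Table -AutoSize

# Recent activity in the BitLocker management log. The log name is real; the
# event IDs worth alerting on vary by OS version, so all entries are shown.
$since = (Get-Date).AddHours(-$LookbackHours)
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-Table -Wrap

if ($findings | Where-Object { $_.Unexpected }) {
    Write-Warning 'BitLocker is active on a volume not on the expected list; find out who enabled it.'
    exit 2
}
```

Run it on each server from an elevated prompt, passing the volumes that are supposed to be encrypted, for example `.\Audit-BitLocker.ps1 -ExpectedEncrypted 'C:'`; a non-zero exit code makes it easy to wire into a scheduled task or monitoring job. A recovery password that the organization did not escrow itself is the sign to escalate, because a BitLocker volume locked with an attacker-chosen protector is, for practical purposes, ransomware-encrypted.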
