Jewelbug Infiltrates Russian IT Service Provider for Five Months
Summary
The Chinese threat group Jewelbug infiltrated a Russian IT service provider from January to May 2025. The group accessed code repositories and software build systems, potentially enabling supply chain attacks on the company's customers. Jewelbug exfiltrated data to Yandex Cloud and deployed various sophisticated tools and techniques to maintain persistence and evade detection. The group has also targeted organizations in South America, South Asia, and Taiwan, demonstrating its expanding reach and evolving capabilities.
Timeline
- 15.10.2025 20:28 · 1 article
  Jewelbug Infiltrates Russian IT Service Provider
  From January to May 2025, Jewelbug infiltrated a Russian IT service provider, accessing code repositories and software build systems. The group exfiltrated data to Yandex Cloud and used renamed versions of Microsoft Console Debugger to bypass security measures. Jewelbug's activities highlight its expanding reach and sophisticated techniques, including the use of advanced backdoors and cloud services for command and control.
  - Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months — thehackernews.com — 15.10.2025 20:28
Information Snippets
- Jewelbug, tracked by Symantec, overlaps with clusters CL-STA-0049, Earth Alux, and REF7707.
  First reported: 15.10.2025 20:28 · 1 source, 1 article
  - Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months — thehackernews.com — 15.10.2025 20:28
- The intrusion lasted from January to May 2025, targeting a Russian IT service provider.
  First reported: 15.10.2025 20:28 · 1 source, 1 article
  - Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months — thehackernews.com — 15.10.2025 20:28
- Jewelbug accessed code repositories and software build systems, enabling potential supply chain attacks.
  First reported: 15.10.2025 20:28 · 1 source, 1 article
  - Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months — thehackernews.com — 15.10.2025 20:28
- The group exfiltrated data to Yandex Cloud and used renamed versions of Microsoft Console Debugger to bypass security measures.
  First reported: 15.10.2025 20:28 · 1 source, 1 article
  - Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months — thehackernews.com — 15.10.2025 20:28
- Jewelbug deployed advanced backdoors like FINALDRAFT and undocumented malware using Microsoft Graph API and OneDrive for C2.
  First reported: 15.10.2025 20:28 · 1 source, 1 article
  - Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months — thehackernews.com — 15.10.2025 20:28
- The group targeted a South American government organization, an IT provider in South Asia, and a Taiwanese company.
  First reported: 15.10.2025 20:28 · 1 source, 1 article
  - Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months — thehackernews.com — 15.10.2025 20:28
- Jewelbug used various tools like ShadowPad, KillAV, EchoDrv, and SOCKS tunneling utilities for persistence and evasion.
  First reported: 15.10.2025 20:28 · 1 source, 1 article
  - Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months — thehackernews.com — 15.10.2025 20:28
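The snippet about renamed copies of Microsoft Console Debugger points at a detection that does not depend on the file name an attacker chooses: the PE version resource of a signed Microsoft binary still carries its original name (cdb.exe for the Console Debugger), and Sysmon process-creation events (Event ID 1) record that value in the OriginalFileName field. The following is an added example written for this page, not code from the article or from Symantec. It assumes Sysmon-style events flattened to "key=value" pairs separated by "|"; the sample events, paths and user names are constructed, and the extra watched names beyond cdb.exe are assumptions chosen to show that the same check generalizes to any binary whose original name is known.

```python
"""Flag process creations where a watched binary runs under a different
on-disk name than the one recorded in its PE version resource.

Added example, not from the original article. Assumes Sysmon Event ID 1
records flattened to "key=value" pairs joined by "|". All sample events
below are constructed for illustration.
"""
import os
from typing import Dict, Iterable, List

# Original file names whose renamed copies should raise an alert.
# cdb.exe is the on-disk name of the Microsoft Console Debugger; the other
# two entries are assumptions added to show the check is name-table driven.
WATCHED_ORIGINAL_NAMES = {"cdb.exe", "windbg.exe", "kd.exe"}

# Constructed sample telemetry: one renamed debugger, one legitimate debugger
# run, one unrelated process, and one network event that must be ignored.
SAMPLE_EVENTS = [
    "EventID=1|Image=C:\\Windows\\Temp\\svchost.exe|OriginalFileName=CDB.Exe"
    "|CommandLine=svchost.exe -cf C:\\Windows\\Temp\\run.wds|User=CORP\\builder",
    "EventID=1|Image=C:\\Program Files (x86)\\Windows Kits\\10\\Debuggers\\x64\\cdb.exe"
    "|OriginalFileName=CDB.Exe|CommandLine=cdb.exe -p 4412|User=CORP\\dev1",
    "EventID=1|Image=C:\\Windows\\System32\\svchost.exe|OriginalFileName=svchost.exe"
    "|CommandLine=svchost.exe -k netsvcs|User=NT AUTHORITY\\SYSTEM",
    "EventID=3|Image=C:\\Windows\\Temp\\svchost.exe|DestinationHostname=example.invalid",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one flattened event into a field dictionary."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def on_disk_name(image_path: str) -> str:
    """Return the lower-cased file name of a Windows path, portably."""
    return os.path.basename(image_path.replace("\\", "/")).lower()


def is_renamed(fields: Dict[str, str]) -> bool:
    """True when a watched binary's original name differs from its on-disk name.

    The comparison is case-insensitive because the version resource and the
    file system may use different casing for the same name.
    """
    if fields.get("EventID") != "1":
        return False  # only process-creation events carry OriginalFileName
    original = fields.get("OriginalFileName", "").lower()
    if original not in WATCHED_ORIGINAL_NAMES:
        return False
    return on_disk_name(fields.get("Image", "")) != original


def find_renamed_binaries(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run the check over a stream of events and return the matches."""
    findings = []
    for line in lines:
        fields = parse_event(line)
        if is_renamed(fields):
            findings.append({
                "image": fields.get("Image", ""),
                "original_file_name": fields.get("OriginalFileName", ""),
                "command_line": fields.get("CommandLine", ""),
                "user": fields.get("User", ""),
            })
    return findings


if __name__ == "__main__":
    for hit in find_renamed_binaries(SAMPLE_EVENTS):
        print(f"renamed {hit['original_file_name']} at {hit['image']} "
              f"by {hit['user']}: {hit['command_line']}")
```

Run as-is, the script reports only the first sample event, where a file named svchost.exe in a temp directory carries the CDB.Exe original name; the legitimate debugger run from its install directory passes because both names agree. The same approach applies to any telemetry source that exposes PE version metadata at process start, and it is worth pairing with a rule on the run-from location, since a debugger launched from a temp directory by a build account is unusual on its own.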