Oct. 4, 2022, 3:46 p.m.
Cheerscrypt ransomware linked to a Chinese hacking group

The Cheerscrypt ransomware has been linked to a Chinese hacking group named 'Emperor Dragonfly,' known to frequently switch between ransomware families to evade attribution. The ransomware gang is tracked under different names, such as Bronze Starlight and DEV-0401, and has been seen using a wide variety of ransomware families since 2021.

While the hacking group appears to operate as a ransomware operation, previous research indicates that many of their victims are targets of interest for the Chinese government. This has led researchers to believe that the ransomware activities of the hacking group could be a cover for Chinese government-sponsored cyber espionage campaigns. The ransomware group isn't operating as a RaaS platform for affiliates but rather as a "Lone wolf" isolated from the rest of the cybercrime community.

That same month, Microsoft updated an article on ransomware operations to include the hacking group, who they track as DEV-0401, and attributed them to Chinese threat actors. "Differing from the other RaaS developers, affiliates, and access brokers profiled here, DEV-0401 appears to be an activity group involved in all stages of their attack lifecycle, from initial access to ransomware development," explained the Microsoft threat intelligence researchers.
