Russian Ransomware Gang Hit A Chinese Multi-national in 2020
敏实集团 - Minth Group is one of the Global 100 top automotive suppliers
This is the second installment of a special ransomware series exclusive to the Inside Cyber Warfare substack. I chose it because it’s a rarely seen example of Russian-speaking threat actors attacking Chinese companies.
Executive Summary
The Minth Group is a Chinese multi-national automobile parts manufacturer with its headquarters in Zhejiang, China. According to its website, “As of the end of 2022, MINTH has set up more than 70 plants in China, the U.S., Mexico, Thailand, Japan, Germany, Serbia, U.K. and Czech, has deployed 4 business units, and has sold products to 30 countries.”
In late 2019 and the first half of 2020, while the Minth Group was planning to begin construction on a new plant in Lewisville, TN, Russian-speaking hackers gained unauthorized access to the company’s internal network and sensitive data. The incident was characterized by the use of compromised domain administrator accounts, execution of malicious tools like Mimikatz, and evidence of collaboration among Russian actors. The incident highlights the importance of robust password hygiene and endpoint security controls to prevent similar attacks.