Inside Cyber Warfare

Russian Ransomware Gang Hit A Chinese Multi-national in 2020

敏实集团 - Minth Group is one of the Global 100 top automotive suppliers

Mar 12, 2024

This is the second installment of a special ransomware series exclusive to the Inside Cyber Warfare substack. I chose it because it’s a rarely seen example of Russian-speaking threat actors attacking Chinese companies.

Executive Summary

The Minth Group is a Chinese multi-national automobile parts manufacturer with its headquarters in Zhejiang, China. According to its website, “As of the end of 2022, MINTH has set up more than 70 plants in China, the U.S., Mexico, Thailand, Japan, Germany, Serbia, U.K. and Czech, has deployed 4 business units, and has sold products to 30 countries.”

In late 2019 and the first half of 2020, while the Minth Group was planning to begin construction on a new plant in Lewisville, TN, Russian-speaking hackers gained unauthorized access to the company’s internal network and sensitive data. The incident was characterized by the use of compromised domain administrator accounts, execution of malicious tools like Mimikatz, and evidence of collaboration among Russian actors. The incident highlights the importance of robust password hygiene and endpoint security controls to prevent similar attacks.

© 2026 Jeffrey Caruso