• fallowseed@lemmy.world · 5 days ago

    ‘tools typically associated with China-based intelligence operations were used in a ransomware attack’

    Raising questions about precedents: has this toolset been used by actors other than China before? "Typically" is a funny word here, and "China-based" means very little in the way of incrimination.

    “While such tools, often used in espionage attacks, are shared among threat actors, many are not publicly available”

    “However, this espionage-linked attacker shifted from spy tactics to ransomware”

    A burglar cases a joint <-- espionage; the burglar enters the building <-- shifts from spy tactics to burglary; . . .

    To execute the attack, threat actors utilized a known espionage tool – a Toshiba executable (toshdpdb.exe) used to sideload a malicious DLL named toshdpapi.dll. This component decrypted and loaded a “variant” of the PlugX backdoor, a tool exclusively linked to Chinese state-affiliated hackers.

    A variant of a Chinese-exclusive tool. Could it be intentional misdirection? There's certainly a healthy appetite to undermine China in the West.
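The quoted article describes a classic DLL side-loading chain: a legitimately signed vendor executable (toshdpdb.exe) is dropped next to a malicious DLL carrying the name it expects (toshdpapi.dll), so the trusted binary loads attacker code. Whatever one makes of the attribution debate, the technique itself is detectable without knowing who is behind it. The following is an added example written by the editor, not code from the commenter, the article, or any vendor: a small rule that scans image-load telemetry for a signed host process loading an unsigned DLL from its own directory outside the usual install locations. The record schema (`process`, `process_signed`, `dll`, `dll_signed`) is a simplified, hypothetical one rather than Sysmon's exact Event ID 7 field names, and all paths and the non-Toshiba entries in the sample are constructed for the demonstration.

```python
"""Flag DLL side-loading candidates in image-load telemetry (added example).

Heuristic: a signed host executable running from a user-writable directory
loads an unsigned DLL from that same directory. Legitimate vendor software
normally loads its own DLLs from Program Files or the Windows directory, and
the malicious DLL in a side-load is almost never signed by the vendor.
"""
import json
from pathlib import PureWindowsPath

# Directories where vendor code normally lives. Loads from here are not
# treated as side-load candidates by this rule; they would need their own rules
# (e.g. a DLL dropped into a world-writable Program Files subfolder).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed records in a simplified, hypothetical schema (not Sysmon's exact
# field names). The toshdpdb.exe / toshdpapi.dll pair mirrors the case in the
# quoted article; the paths and the other entries are invented for the demo.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"process": r"C:\Users\jdoe\AppData\Local\Temp\toshdpdb.exe", "process_signed": True,
     "dll": r"C:\Users\jdoe\AppData\Local\Temp\toshdpapi.dll", "dll_signed": False},
    {"process": r"C:\Windows\System32\notepad.exe", "process_signed": True,
     "dll": r"C:\Windows\System32\kernel32.dll", "dll_signed": True},
    {"process": r"C:\Program Files\Vendor\app.exe", "process_signed": True,
     "dll": r"C:\Program Files\Vendor\vendor.dll", "dll_signed": True},
    {"process": r"C:\Users\jdoe\Downloads\tool.exe", "process_signed": True,
     "dll": r"C:\Windows\System32\ntdll.dll", "dll_signed": True},
    {"process": r"C:\Users\jdoe\Downloads\homebrew.exe", "process_signed": False,
     "dll": r"C:\Users\jdoe\Downloads\helper.dll", "dll_signed": False},
])


def in_trusted_root(path: str) -> bool:
    """True if the path sits under a standard system/install directory."""
    return str(PureWindowsPath(path)).lower().startswith(TRUSTED_ROOTS)


def is_sideload_candidate(ev: dict) -> bool:
    """Apply the side-load heuristic to one image-load record."""
    proc = PureWindowsPath(ev["process"])
    dll = PureWindowsPath(ev["dll"])
    # PureWindowsPath compares case-insensitively, as Windows does.
    same_dir = proc.parent == dll.parent
    return (
        same_dir                        # DLL came from the host's own folder
        and not in_trusted_root(dll)    # ...and that folder is not a normal install location
        and ev["process_signed"]        # trusted host binary (the lure)
        and not ev["dll_signed"]        # untrusted payload riding on that trust
    )


def find_sideload_candidates(jsonl: str) -> list:
    """Return (exe name, dll name) pairs for every record that trips the rule."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if is_sideload_candidate(ev):
            hits.append((PureWindowsPath(ev["process"]).name, PureWindowsPath(ev["dll"]).name))
    return hits


if __name__ == "__main__":
    for exe, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"side-load candidate: {exe} loaded {dll}")
```

In the constructed sample only the toshdpdb.exe / toshdpapi.dll pair fires. The unsigned homebrew.exe loading its own unsigned helper.dll deliberately does not: with no signed host there is nothing for an attacker to borrow trust from, so that case is just an unsigned application and belongs to a different rule. In a real deployment the signature fields come from whatever the EDR or Sysmon configuration records, and the first step is to confirm which of those fields describe the loaded DLL versus the loading process.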