Hong Kong, Aoyuan Healthy Life Group hit by PT_Moisha ransomware group

THE CHINESE AOYUAN HEALTHY LIFE GROUP, WHICH OPERATES IN THE REAL ESTATE AND SERVICES SECTOR, HAS IN RECENT DAYS BEEN THE VICTIM OF AN IT ATTACK BY THE PT_MOISHA RANSOMWARE GROUP.

Aoyuan Healthy Life Group, which also has operational offices in Sydney, Australia, and in Toronto and Vancouver, Canada, is one of the 8 businesses that make up China Aoyuan Group (Aoyuan), a Chinese company based in Guangzhou in the Guangdong District. Aoyuan was founded in 1996 and in October 2007 was listed on the main board of the Hong Kong Stock Exchange. We recall that Aoyuan has its registered office in the “tax haven” of the Cayman Islands.

PT_Moisha, after contacting us through qTox, provided us with a sample of 90 files, about 200 MB of exfiltrated documents in total. The PT_Moisha group reportedly still holds a total of 200 GB of documents stolen during its stay in the computer networks of the Aoyuan Healthy Life Group.

In the documents that SuspectFile was able to view there are copies of passports, identity cards, financial documents, Excel files relating to the salaries (with names and surnames) of the employees of the Sydney, Toronto and Vancouver offices, service supply contracts, and access passwords.

On September 19, PT_Moisha opened a channel on Telegram to try to negotiate directly with the victim. At the moment, the Aoyuan Healthy Life Group has not answered the questions of the ransomware group.

Who is the PT_Moisha group:

PT_Moisha is a group that first appeared last August, although a member of its staff told SuspectFile “we’re an old group”. Among its victims is Jewels Infosystems, a company from Rajasthan, India, that produces jewelry software for small and large jewelers covering management, production, inventory and accounting.

When we asked him whether the group’s past victims have also included medical entities, he replied:

About medicine, I will say this, we went into such networks, closed their vulnerabilities and left wishes and a note to their administrators. You can’t touch medicine, and workers who save people’s lives, we are not bastards like some groups, we have principles and we adhere to them.

SuspectFile can also state that this ransomware group is able to infiltrate victims’ computer networks through unsecured RDP and VPN services. Among the file samples that PT_Moisha showed us were the credentials of the Aoyuan Healthy Life Group’s Virtual Private Network.