Chinese Hackers Launch Zero-Day Malware At Spiritual Activists, Military Groups

twoheadedboy writes "A Chinese hacker group is the chief suspect of spear phishing attacks against the Falun Dafa spiritual group and military organizations in the Philippines. Data handed to TechWeek by AlienVault Labs showed how zero-day malware, designed to pilfer Outlook email account logins, was just one strand of the attacks, which are ongoing. Other malware sought to steal passwords for other accounts, dodging many commercial AV products, whilst remote access tools indicate this is a serious surveillance operation. Chinese authorities have neither confirmed nor denied the claims. But it marks another case of Internet-led surveillance with China's name attached to it, following numerous reports of mass Chinese hacking, which has already allegedly hit massive firms like Facebook and Google."

Black hole them?

[CaptainDefragged]

Unless your business has a legitimate need to accept traffic from China or Russia, wouldn't it be possible, perhaps prudent even, to block any traffic to and from those countries?

Re:Black hole them?

someone (end users, perhaps businesses, institutions even) blocking russia, china, nigeria (etc) traffic from their own network does nothing to "break the internet" (who's the 'retard' for thinking it would?).. i wouldnt even mind if an ISP or mail provider blocked all unsolicited inbound traffic (port scans, pings, worm transmissions, etc) from those countries by default (manual opt-in to have that traffic routed to you) and scored mail originating from those countries as highly probable to be spam or worse.

we have absolutely no business with china, russia, nigeria (or the rest of africa for that matter).. a blanket blackhole or blacklist of those IPs makes sense, and IS IN USE HERE... and does stop a hell of a lot of illegitimate traffic.. both coming into our local network AND to our public-facing servers... hack attempts at ftp/ssh servers/services and web apps, malware infested email, phishing emails, and contact form/comment spam, all dropped to virtually zero when those blocks went into place.

Context is everything

In China: Use metadata to find suspects, attempt to install a trojan to find additional information.
In US: Use metadata to find suspects, request a secret warrant from a secret court (with a history of granting 100% of warrant requests) to find additional information.

following numerous reports of mass Chinese hacking, which has already allegedly hit massive firms like Facebook and Google.

Following a report that US surveillance consists of massive firms like Facebook and Google.

Posting anonymously, because I often fly internationally, am already easily profiled, and do not want to increase my risk of showing up on a secret TSA hassle list.