Slashdot Mirror


Chinese Hackers Launch Zero-Day Malware At Spiritual Activists, Military Groups

twoheadedboy writes "A Chinese hacker group is the chief suspect of spear phishing attacks against the Falun Dafa spiritual group and military organizations in the Philippines. Data handed to TechWeek by AlienVault Labs showed how zero-day malware, designed to pilfer Outlook email account logins, was just one strand of the attacks, which are ongoing. Other malware sought to steal passwords for other accounts, dodging many commercial AV products, whilst remote access tools indicate this is a serious surveillance operation. Chinese authorities have neither confirmed nor denied the claims. But it marks another case of Internet-led surveillance with China's name attached to it, following numerous reports of mass Chinese hacking, which has already allegedly hit massive firms like Facebook and Google."

2 of 62 comments

  1. Re:How are the Chinese doing this? by Fluffeh · Score: 4, Interesting

    Snowden wasn't employed in a position where he had access to the Chinese espionage program. He was employed where he had access to the US programs. Maybe one day there will be a Chinese version of Snowden that will shine light on all the mischief that the Chinese get up to...

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  2. A mass of massive hacking by Anonymous Coward · Score: 2, Interesting

    At a previous gig I was tasked with setting up a network with VPN endpoints in Shanghai, Noida, SF, and NYC. Within months I was consulting with my buddies who had started their own security company, because my doorknob was rattling off the hook, mainly in the Shanghai region. The data being protected was an AAA game engine under heavy development, which I can say never got leaked, unlike the one from our sister studio in the UK. The mass of massive hacking coming my way did seem to be Chinese govt related (in this case rightfully so), because I can only describe it as a gigantor-sized botnet with permanent PMS that seemed to disappear when you began investigating it. It was explained to me that they have developed their own protocols which do not translate well to a western approximation of things. Constant attempts to poison DNS on our domain controller from seemingly 3G mobile network addresses in the region and a heavy use of whale-sized infiltration techniques were constant headaches. I could not just change the platform or OS; too many 3rd-party tools. I got no help from admins on their end when I asked why all this **** was on their network segment and why their BYOD policy was allowing it. My only saving grace was a machine put together from spare parts, dedicated to taking the brunt of the Shanghai attack attempts, which had absolutely nothing on it but was set up to look like the machine that was the goal of all the attacks on the network. After a month or so it would mysteriously get knocked off the network whenever it was put up, even after an OS reinstall, when the VPN was up. Luckily, it gave us enough time to get spinlocking RSA dongles in the mail, which were all the rage back then. Found out later all this work was to protect some shady employment practices that became very public after I had left the company. The point of this very long tale, which will most likely get buried, is to get both sides of the story.

    Justice is blind, even on the net. Wherever these people are, you have to ask yourself, when it comes to a person's life or wellbeing, these things may actually be necessary, and it is not always to stem the tide of dissent. You can read the news, but this is an actual in-the-trenches account. Hope it helps, and hope more people will share these experiences.