Slashdot Mirror


Chinese Hackers Launch Zero-Day Malware At Spiritual Activists, Military Groups

twoheadedboy writes "A Chinese hacker group is the chief suspect of spear phishing attacks against the Falun Dafa spiritual group and military organizations in the Philippines. Data handed to TechWeek by AlienVault Labs showed how zero-day malware, designed to pilfer Outlook email account logins, was just one strand of the attacks, which are ongoing. Other malware sought to steal passwords for other accounts, dodging many commercial AV products, whilst remote access tools indicate this is a serious surveillance operation. Chinese authorities have neither confirmed nor denied the claims. But it marks another case of Internet-led surveillance with China's name attached to it, following numerous reports of mass Chinese hacking, which has already allegedly hit massive firms like Facebook and Google."

16 of 62 comments

  1. Black hole them? by CaptainDefragged · · Score: 2, Insightful

    Unless your business has a legitimate need to accept traffic from China or Russia, wouldn't it be possible, perhaps prudent even, to block any traffic to and from those countries?

    --
    Don't tailgate - the end is near!
    1. Re:Black hole them? by Anonymous Coward · · Score: 2, Insightful

      someone (end users, perhaps businesses, institutions even) blocking Russia, China, Nigeria (etc) traffic from their own network does nothing to "break the internet" (who's the 'retard' for thinking it would?).. I wouldn't even mind if an ISP or mail provider blocked all unsolicited inbound traffic (port scans, pings, worm transmissions, etc) from those countries by default (manual opt-in to have that traffic routed to you) and scored mail originating from those countries as highly probable to be spam or worse.

      we have absolutely no business with China, Russia, Nigeria (or the rest of Africa for that matter).. a blanket blackhole or blacklist of those IPs makes sense, and IS IN USE HERE... and does stop a hell of a lot of illegitimate traffic.. both coming into our local network AND to our public-facing servers... hack attempts at ftp/ssh servers/services and web apps, malware infested email, phishing emails, and contact form/comment spam, all dropped to virtually zero when those blocks went into place.

    2. Re:Black hole them? by anubi · · Score: 2

      There are snoops and malicious activity everywhere on the net. Seems a lot of governments as well as shysters are doing it. This does not seem centered on one group of people as I can see. We are snooping. They are snooping. Businesses are snooping. Many people are hoarding others' personal data, but trying every way they can to protect theirs - our own government is snooping like heck, but let their beans get spilled and they come all unglued.

      Information I volunteer on a business form becomes public for the business "associates", but a song aired is still considered private property and having others store an unauthorized copy is deemed illegal. If my storing a copy of information copyrighted by someone else is illegal, why isn't it illegal for them to store a copy of my doings? I claim copyright over my life, but who is going to enforce my claims?

      As things go global, I guess a lot of you know that there are Chinese counterparts to eBay and Amazon. They're AliExpress, Alibaba, Baidu, Taobao. I use AliExpress a lot to get things that are hard to find in the USA - or when I do find them, they are often marked way up. AliExpress is geared for international sales, where the others I listed are internal Chinese sites and it would help a lot if you can read Mandarin.

      So far I have not noted unusual activity coming from the shopping sites, however I did note some software behaving suspiciously as I was researching shipping sites and was visiting a lot of unknown Chinese sites in search of how the shipping systems worked. The legit sites were not doing it, but in my ignorance, I was hitting a lot of decoy sites.

      NoScript saved my ass a lot of times. The legit sites worked without requiring me to "drop my shields". I only wish American business sites would do likewise, as I often do not know who is legit and who is trying to pull a fast one until I have done business with them a few times. When the first thing a business site does is demand I "drop my shields", thereby becoming vulnerable to a malware attack, I become suspicious, I guess for the same reason if I entered a bank wearing a ski mask, I would expect the bank personnel to suspect I may have an ulterior motive for my presentation.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

    3. Re:Black hole them? by CaptainDefragged · · Score: 2

      Yes, thank you AC, that is what I had in mind. I don't see how managing your own security risks breaks the Internet either. If your home or business doesn't need to access risky countries, then firewall them off. Nothing retarded about that; sounds like common sense to me.

      --
      Don't tailgate - the end is near!
    4. Re:Black hole them? by SuricouRaven · · Score: 2

      I'm sure that'd delay any Chinese hackers, state-sponsored or otherwise, for a few minutes. They are as capable as anyone of using a previously-compromised host as a proxy. State-sponsored hackers may even use this as a false-flag approach: hack a bunch of computers in Russia or Iran, and use those to attack American targets. For that matter, some of the many attacks seemingly coming from China may well be the work of Russia. It's very easy to frame someone else.
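The country-level ingress filtering argued over in this thread, shown as an added illustration rather than code from any commenter: a small Python script that loads a blocklist of CIDR prefixes, keeps an allowlist for the partners you still need to reach, and classifies a constructed sample of connection records. The prefixes below are RFC 5737 / RFC 3849 documentation ranges standing in for a real registry-derived country feed, and the sample connections are made up. SuricouRaven's caveat holds: a source address tells you the last hop, not who is behind it, so this is noise reduction, not attribution.

```python
import ipaddress
from typing import Iterable, List, Tuple, Dict

# Constructed placeholder prefixes (documentation ranges), standing in for a
# registry-derived per-country feed. They are NOT real national allocations.
BLOCKED_PREFIXES = [
    "198.51.100.0/24",
    "203.0.113.0/24",
    "2001:db8:bad::/48",
]

# Hypothetical partner subnet inside a blocked range that must stay reachable.
ALLOWED_PREFIXES = [
    "203.0.113.64/27",
]

# Constructed sample of inbound connection records: (source_ip, destination_port).
SAMPLE_CONNECTIONS: List[Tuple[str, int]] = [
    ("198.51.100.23", 22),     # inside a blocked prefix
    ("203.0.113.70", 443),     # inside the partner allowlist
    ("203.0.113.9", 21),       # blocked prefix, not allowlisted
    ("192.0.2.15", 443),       # not listed at all
    ("2001:db8:bad::1", 25),   # blocked IPv6 prefix
]


def parse_prefixes(prefixes: Iterable[str]) -> list:
    """Parse CIDR strings, skipping malformed entries so one bad line
    in a feed does not take the whole policy down."""
    nets = []
    for text in prefixes:
        try:
            nets.append(ipaddress.ip_network(text, strict=False))
        except ValueError:
            continue
    return nets


class GeoBlocklist:
    """Allowlist wins over blocklist; anything unlisted is allowed, so the
    policy stays a targeted block rather than a default-deny."""

    def __init__(self, blocked: Iterable[str], allowed: Iterable[str] = ()):
        self.blocked = parse_prefixes(blocked)
        self.allowed = parse_prefixes(allowed)

    def decision(self, ip_text: str) -> str:
        """Return 'allow', 'drop' or 'invalid' for one source address."""
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            return "invalid"
        # ip_network.__contains__ returns False across IP versions, so mixing
        # v4 and v6 prefixes in one list is safe.
        if any(ip in net for net in self.allowed):
            return "allow"
        if any(ip in net for net in self.blocked):
            return "drop"
        return "allow"

    def nft_elements(self) -> str:
        """Render the IPv4 block prefixes as an nftables set body, the shape
        a firewall rule would consume (assumed usage, not a tested config)."""
        v4 = [str(n) for n in self.blocked if n.version == 4]
        return "elements = { " + ", ".join(v4) + " }"


def summarize(policy: GeoBlocklist, connections: List[Tuple[str, int]]):
    """Count decisions over a batch of records and list what would be dropped."""
    counts: Dict[str, int] = {"allow": 0, "drop": 0, "invalid": 0}
    dropped: List[Tuple[str, int]] = []
    for src, port in connections:
        verdict = policy.decision(src)
        counts[verdict] += 1
        if verdict == "drop":
            dropped.append((src, port))
    return counts, dropped


if __name__ == "__main__":
    policy = GeoBlocklist(BLOCKED_PREFIXES, ALLOWED_PREFIXES)
    counts, dropped = summarize(policy, SAMPLE_CONNECTIONS)
    print(counts)
    for src, port in dropped:
        print(f"drop {src} -> port {port}")
    print(policy.nft_elements())
```

The allowlist-before-blocklist order is the part worth copying: it lets a coarse country block coexist with the "legitimate need" CaptainDefragged mentions without punching the whole prefix back open.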

  2. Mandiant Report by colsandurz45 · · Score: 2

    This seems consistent with the Mandiant report, at least the Spear Phishing attacks and maybe the tools?

  3. Re:How are the Chinese doing this? by Fluffeh · · Score: 4, Interesting

    Snowden wasn't employed in a position where he had access to the Chinese espionage program. He was employed where he had access to the US programs. Maybe one day there will be a Chinese version of Snowden that will shine light on all the mischief that the Chinese get up to...

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  4. Context is everything by Anonymous Coward · · Score: 4, Insightful

    In China: Use metadata to find suspects, attempt to install a trojan to find additional information.
    In US: Use metadata to find suspects, request a secret warrant from a secret court (with a history of granting 100% of warrant requests) to find additional information.

    following numerous reports of mass Chinese hacking, which has already allegedly hit massive firms like Facebook and Google.

    Following a report that US surveillance consists of massive firms like Facebook and Google.

    Posting anonymously, because I often fly internationally, am already easily profiled, and do not want to increase my risk of showing up on a secret TSA hassle list.

  5. Re:How are the Chinese doing this? by Dr+Max · · Score: 4, Funny

    How exactly are they going to do that? Even if they managed to invade my country, finding me in that war zone won't be all that easy. But what the hell, let's find out what happens. CHINA GOVERNMENT EATS BABIES. How long do you think it's going to take to arrest me?

    --
    Rocket Surgeon.
  6. Re:How are the Chinese doing this? by viperidaenz · · Score: 2

    As soon as you go through customs if you ever decide to go to China, Taiwan or Hong Kong for a holiday?

  7. Targets Alone Prove that it was the Chinese by CodeBuster · · Score: 2

    The targets alone prove that this was the work of the Chinese because there's no money to be made in attacking either of these groups. The criminals are in it for the money and they wouldn't waste zero days on military groups in the Philippines or some offshoot of the Falun group of religious people. Furthermore, everybody knows that the Chinese government employs hackers, it's now documented public information, so there's no obvious political value in staging a false flag operation to make it look like it was the Chinese because that cat's already out of the bag. The only government on the entire planet that would perceive any value in attacking either of these groups is the Chinese government.

  8. A mass of massive hacking by Anonymous Coward · · Score: 2, Interesting

    At a previous gig I was tasked with setting up a network with VPN endpoints in Shanghai, Noida, SF, and NYC. Within months I was consulting with my buddies that started their own security company because my doorknob was rattling off the hook mainly in the Shanghai region. The data being protected was an AAA game engine under heavy development, which I can say never got leaked unlike the one from our sister studio in the UK. The mass of massive hacking coming my way did seem to be Chinese govt related (in this case rightfully so) because I can only describe it as a gigantor sized botnet with permanent PMS that seemed to disappear when you began investigating it. It was explained to me they have developed their own protocols which do not translate well to a western approximation of things. Constant attempts to poison DNS on our domain controller from seemingly 3G mobile network addresses in the region and a heavy use of whale-sized infiltration techniques were constant headaches. I could not just change the platform or OS; too many 3rd party tools. I got no help from admins on their end when I asked why all this **** was on their network segment and why their BYOD policy was allowing it. My only saving grace was a machine put together from spare parts dedicated to taking the brunt of Shanghai attack attempts which had absolutely nothing on it but was set up to look like the machine that was the goal of all the attacks on the network. After a month or so it would mysteriously get knocked off the network whenever it was put up even after an OS reinstall when VPN was up. Luckily, it gave us enough time to get spinlocking RSA dongles in the mail which were all the rage back then. Found out later all this work was to protect some shady employment practices that became very public after I had left the company. The point of this very long tale which will most likely get buried is get both sides of the story. Justice is blind, even on the net; wherever these people are you have to ask yourself, when it comes to a person's life or wellbeing, these things may actually be necessary and it is not always to stem the tide of dissent. You can read the news but this is an actual in-the-trenches account - hope it helps and hope more people will share these experiences.

  9. Re:Daffa? by Dexter+Herbivore · · Score: 4, Funny

    Hey China, there's this place called Westboro Baptist Church, I heard that they said nasty things about your government. (crosses fingers and waits).

  10. Re:How are the Chinese doing this? by SuricouRaven · · Score: 2

    A Chinese Snowden would be lucky to make it out of the country, and would likely be dead in an 'accident' a week after the first leak.

  11. Lets ask the sane question by ruir · · Score: 2

    Why are foreign organisations using: 1) a closed-source OS developed by a foreign power 2) software with all these security flaws 3) software that is defective by design

  12. Zero-day malware? by asylumx · · Score: 2

    How can malware be zero-day? If it's exploiting some security weakness, then it's a virus and not malware. If it's malware, then it's probably gotten itself installed (even if through nefarious means) via some social engineering technique. I suspect this is a stretched use of "zero-day" in order to make the headline & article more exciting.