Slashdot Mirror


Security Companies Team Up, Take Down Chinese Hacking Group

daten writes: A coalition of security companies has hit a sophisticated hacking group in China with a heavy blow. The effort is detailed in a report released today by Novetta. The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43,000 computers worldwide that were targeted by Axiom, an incredibly sophisticated organization that has been stealing intellectual property for more than six years. The group united as part of Microsoft's Coordinated Malware Eradication (CME) campaign against Hikit (a.k.a. Hikiti), the custom malware often used by Axiom to burrow into organizations, exfiltrate data, and evade detection, sometimes for years.

63 comments

  1. liar by iggymanz · · Score: 3, Informative

    removing malware isn't "taking down" a hacking group; that's just what a victim does

    1. Re:liar by PopeRatzo · · Score: 1

      Absolutely. I expected to read about missile strikes on the hackers or something. Does anyone really believe this is the only malware this group uses?

      --
      You are welcome on my lawn.
    2. Re:liar by Anonymous Coward · · Score: 0

      I think they instead hit CurrentC, the rival to Apple Pay.

  2. 6 years of hacking with the same malware? by Taco+Cowboy · · Score: 1

    Any hacker group that relies on the same malware code for their hacking, for 6 years straight, deserves no respect.

    If that Chinese hacker group "Axiom" really uses the same "Hikit" code all these years, then they are no better than a bunch of lazy script kiddies.

    --
    Muchas Gracias, Señor Edward Snowden!
    1. Re:6 years of hacking with the same malware? by TechyImmigrant · · Score: 3, Insightful

      A sane hacking group would just use the existing hack until it fails, while keeping the new tricks in reserve. Expect more, better hacks from the hackers. They've had a while to work on them.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    2. Re:6 years of hacking with the same malware? by SeaFox · · Score: 4, Insightful

      Any hacker group that relies on the same malware code for their hacking, for 6 years straight, deserves no respect.

      Aren't they just being efficient? If it ain't broke, don't fix it.

    3. Re:6 years of hacking with the same malware? by PopeRatzo · · Score: 1

      Maybe this is just the malware they expected people to find. Think of how many people now have a greater false sense of security because this group was "taken down".

      --
      You are welcome on my lawn.
    4. Re:6 years of hacking with the same malware? by sneakyimp · · Score: 3, Funny

      I'd be willing to bet that the point of the article in the OP was so that everyone would click on the link and have new malware installed.

    5. Re:6 years of hacking with the same malware? by Kittenman · · Score: 1

      Maybe this is just the malware they expected people to find. Think of how many people now have a greater false sense of security because this group was "taken down".

      You're right... the real problem malware is of course the stuff that I can't detect on my PC! Quick, pass my tinfoil hat and gloves.

      --
      "The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
    6. Re:6 years of hacking with the same malware? by __aaltlg1547 · · Score: 0

      Why would they quit using something that keeps working?

    7. Re:6 years of hacking with the same malware? by Kvasio · · Score: 5, Funny

      you mean: if it ain't fixed, keep using the break

    8. Re:6 years of hacking with the same malware? by GarethIwanFairclough · · Score: 1

      you mean: if it ain't fixed, keep using the break

      Touché!

    9. Re:6 years of hacking with the same malware? by ayesnymous · · Score: 0

      Any hacker group that relies on the same malware code for their hacking, for 6 years straight, deserves no respect.

      Any victim that keeps getting hacked by the same malware code for 6 years straight deserves no sympathy.

    10. Re:6 years of hacking with the same malware? by halltk1983 · · Score: 2

      Do you keep track of every outbound connection from your computer to make sure that every request is made by authorized software? Or do you rely on a malware suite to report known threats? Most people are in the second boat, and if none of the providers find it, then malware can be resident for a really long time without being caught. Especially if you're good at avoiding honeypots.

      --
      Watch for Penguins, they eat Apples and throw rocks at Windows.
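One way to do what halltk1983's first sentence describes (checking every outbound connection against which software is authorized to make it) is a per-process egress allowlist. The script below is an added example, not code from the thread, from Novetta or from Microsoft; the connection records, host addresses, process names and policy are all constructed for the example, and the record format merely imitates `ss -tnp` style output.

```python
"""
Added example (not from the Slashdot thread, Novetta or Microsoft):
a minimal per-process egress allowlist check. It parses constructed,
ss-style connection records and reports any outbound TCP connection whose
process is not permitted to reach that destination network and port.
Every address, process name and policy entry below is made up.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample in the style of `ss -tnp` output (IPv4 only here).
SAMPLE_CONNECTIONS = """\
ESTAB 10.0.0.12:51344 93.184.216.34:443 users:(("firefox",pid=2210,fd=88))
ESTAB 10.0.0.12:51390 10.0.0.5:5432 users:(("postgres",pid=1180,fd=12))
ESTAB 10.0.0.12:51402 203.0.113.77:443 users:(("sysupd",pid=4412,fd=9))
ESTAB 10.0.0.12:51410 192.0.2.15:8080 users:(("updater",pid=5021,fd=7))
ESTAB 10.0.0.12:51415 10.0.0.9:445 users:(("smbd",pid=900,fd=21))
"""

LINE_RE = re.compile(
    r'^(?P<state>\S+)\s+(?P<local>\S+)\s+(?P<peer>\S+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)\)$'
)

# Constructed policy: process name -> (destination network, allowed ports).
# A process with no entry is denied by default, which is the point of the
# approach: unknown software talking out is exactly what gets reported.
Policy = Dict[str, List[Tuple[str, Set[int]]]]
POLICY: Policy = {
    "firefox": [("0.0.0.0/0", {80, 443})],   # browser may reach any web host
    "postgres": [("10.0.0.0/8", {5432})],    # database stays on the LAN
    "updater": [("192.0.2.0/24", {443})],    # vendor update CDN, HTTPS only
    "smbd": [("10.0.0.0/8", {445})],         # file sharing stays on the LAN
}


def parse_connection(line: str) -> Optional[Dict[str, object]]:
    """Parse one ss-style record; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    peer_ip, peer_port = m.group("peer").rsplit(":", 1)
    return {
        "proc": m.group("proc"),
        "pid": int(m.group("pid")),
        "peer_ip": peer_ip,
        "peer_port": int(peer_port),
    }


def is_allowed(proc: str, peer_ip: str, peer_port: int,
               policy: Policy = POLICY) -> bool:
    """True only if an explicit rule covers this process, network and port."""
    rules = policy.get(proc)
    if rules is None:
        return False
    addr = ipaddress.ip_address(peer_ip)
    for net, ports in rules:
        if addr in ipaddress.ip_network(net) and peer_port in ports:
            return True
    return False


def find_violations(text: str, policy: Policy = POLICY) -> List[Tuple[str, int, str]]:
    """Return (process, pid, peer) for every connection outside the policy."""
    violations = []
    for line in text.splitlines():
        rec = parse_connection(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the sweep
        if not is_allowed(rec["proc"], rec["peer_ip"], rec["peer_port"], policy):
            violations.append((rec["proc"], rec["pid"],
                               f'{rec["peer_ip"]}:{rec["peer_port"]}'))
    return violations


if __name__ == "__main__":
    for proc, pid, peer in find_violations(SAMPLE_CONNECTIONS):
        print(f"egress outside policy: {proc} (pid {pid}) -> {peer}")
```

Run against the constructed sample, the two flagged connections are the unlisted `sysupd` process reaching an external host and `updater` using a port its rule does not permit; the signature-based approach the comment contrasts this with would report neither unless the binary itself were already known.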
  3. smoke and mirrors by Anonymous Coward · · Score: 0

    These white hat haxx0rz taking down presumably black hat haxx0ring gr0upz... it's all fun and games except that it's vigilantism.

    Youse guis read too many redneck comic boox, I tells ya.

    1. Re:smoke and mirrors by Anonymous Coward · · Score: 0

      I am inclined to call it self defense. Many people have a terribly cavalier attitude towards not cleaning compromised systems, and this affects us all. I get the excrement from these systems in my various email accounts, for example. My mobile phone and VoIP service provider was just this week incapacitated by a massive DDoS attack, also executed through the use of compromised systems. Of course this whole issue isn't made any easier by our "friends", NSA and GCHQ, scanning the internet and hacking whatever they can to create "operational relay boxes", their own botnet.

    2. Re:smoke and mirrors by Anonymous Coward · · Score: 1

      Actually, their method of "taking down" the Chinese hackers was to release the Oct. 14th version of Microsoft's Malicious Software Removal Tool (MSRT). Seriously, it's in the TFA.

    3. Re:smoke and mirrors by Anonymous Coward · · Score: 0

      How did the .exe of this removal tool get executed on people's machines?

    4. Re:smoke and mirrors by Anonymous Coward · · Score: 0

      Windows Update. Of course that assumes that the malware allows infected computers to run Windows Update.

    5. Re: smoke and mirrors by ThatsMyNick · · Score: 1

      Not if they had permission from the owners. Microsoft did (read the EULAs).

  4. 6 years of hacking with the same malware? by Anonymous Coward · · Score: 1

    If that code is such an effective rootkit that they have no need to change it other than deploying it with various 0-days and "droppers", it sounds like they are making a rational business decision.

  5. 6 years of hacking with the same malware? by Anonymous Coward · · Score: 0

    Exactly. If the same old tricks still reliably work, why change?

  6. No one has been "taken down". by Anonymous Coward · · Score: 1

    Are the people responsible identified?
    Are they dead or incarcerated?

    No and no. Nothing is taken down. You might have patched some bullet holes and developed better armor, but the shooter is still at large and still dangerous.

    1. Re:No one has been "taken down". by Anonymous Coward · · Score: 0

      Even worse, the article says

      Operation SMN is working independently of law enforcement or intelligence agencies.

      So it's possible law enforcement was about to nail the bad guys, but this vigilante operation prevented it by cleaning the police's honeypots and alerting the hacking group.

  7. Taking down bots = profit$$$ by Anonymous Coward · · Score: 0

    So, more money for malware writers and for Microsoft, and more jobs for IT "security" people... congrats!

    I wonder, why don't these companies simply remove any software from Microsoft, invest in open source software and standards, and stop being idiots? Oh, right, I already replied to my own question. Simply follow the money...

    1. Re:Taking down bots = profit$$$ by Anonymous Coward · · Score: 0

      Open source isn't a silver bullet that eliminates malware. Or have you forgotten Heartbleed and Shellshock already?

    2. Re:Taking down bots = profit$$$ by Anonymous Coward · · Score: 0

      Open source isn't a silver bullet that eliminates malware. Or have you forgotten Heartbleed and Shellshock already?

      Both vulnerabilities were found and revealed after security reviews...
      Of course things won't fix themselves, but if these organizations are really worried about their security, they can actually do something about it, as opposed to having to trust some third party.

  8. Bullshit ... by CaptainDork · · Score: 1, Funny

    ... If someone spray paints my mailbox with graffiti and I clean it off, is that vigilantism?

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Bullshit ... by Anonymous Coward · · Score: 0

      If you want to decide based on an analogy, you'll have to come up with a better one because this one doesn't match what happened. For one, the coalition detected and cleaned up malicious code on other people's computers.

    2. Re:Bullshit ... by TubeSteak · · Score: 1

      ... If someone spray paints my neighbor's mailbox with graffiti and I clean it off, is that vigilantism?

      --
      [Fuck Beta]
      o0t!
    3. Re:Bullshit ... by Anonymous Coward · · Score: 1

      If someone spray paints your mailbox with graffiti and your neighbor repaints the mailbox a nice shade of mauve without consulting you first - and on top of that, you're a bit suspicious that maybe they steamed open your letters, read them and then glued them shut before moving on to the next mailbox.
       
      ... are you still alright with that?

    4. Re:Bullshit ... by CaptainDork · · Score: 1

      Actually ...

      Nah, I got nothing.

      You are correct.

      --
      It little behooves the best of us to comment on the rest of us.
    5. Re:Bullshit ... by Anonymous Coward · · Score: 0

      So then, this is like painting over the graffiti on your neighbor's wall.

    6. Re:Bullshit ... by Anonymous Coward · · Score: 0

      When you do the same to 43,000 neighbors, you're bound to make some mistakes, like misidentifying art for graffiti, or painting over a window.

    7. Re:Bullshit ... by GigaplexNZ · · Score: 1

      If my neighbour removes the mural from my mailbox (that I commissioned) because they think they're helping remove graffiti, then yeah, I'd say they're overstepping their bounds. That's an analogy for part of the rationale behind not hacking other people's systems with the intent to remove malware.

      I'm all for malware clean-up efforts, but there are laws and ethics that may prevent some techniques for doing so.

  9. Chinese government complicity by Ritz_Just_Ritz · · Score: 3, Insightful

    Why don't they come out and call a spade a spade... the Chinese government aids, at worst, or allows, at best, this activity. Ask anyone who has spent any time living in China. It's pretty difficult to do anything that they don't like, and when you do manage to circumvent the rules, it's only because you're greasing the palms of someone inside the government. "Hacking group".....riiiiiiiiiight. (rolling eyes)

    1. Re:Chinese government complicity by LessThanObvious · · Score: 2

      Well, 5 mod points and a dozen donuts for anyone with a solution. It's a bad situation considering that the U.S. and China depend on each other for business and economic reasons, yet we treat each other like adversaries. The Chinese government hasn't given much historical respect to the concerns of intellectual property. When it comes to bringing hard consequences to malicious hackers within their borders, they offer us zero cooperation in cases like this. So WTF do we do?

    2. Re:Chinese government complicity by s.petry · · Score: 1, Insightful

      Solution: Nuke 'em. Now where are my mod points and donuts? (You didn't claim it needed to be a "good" solution.)

      --
      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    3. Re:Chinese government complicity by msobkow · · Score: 2

      Yeah, in the US, the FBI does it officially. Or did you miss the news about that fake newspaper site they put up?

      --
      I do not fail; I succeed at finding out what does not work.
    4. Re:Chinese government complicity by Registered+Coward+v2 · · Score: 4, Interesting

      Well, 5 mod points and a dozen donuts for anyone with a solution. It's a bad situation considering that the U.S. and China depend on each other for business and economic reasons, yet we treat each other like adversaries. The Chinese government hasn't given much historical respect to the concerns of intellectual property. When it comes to bringing hard consequences to malicious hackers within their borders, they offer us zero cooperation in cases like this. So WTF do we do?

      Use it to supply bad information. Bogus code, code that fails at critical times, misinformation about deals, bargaining positions, etc. Use it as a vector to infect computers with destructive viruses that destroy data, open up their machines for penetration, or cause control systems to fail. In short, turn the malware into a double agent.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    5. Re:Chinese government complicity by Anonymous Coward · · Score: 0

      >Everything done in China is done by the Chinese govt.
      American logic!

    6. Re:Chinese government complicity by Anonymous Coward · · Score: 1

      WTF = the Chinese plan 200 years ahead, whereas the USA thinks only to the next "November" (election).
      The US and the "West" in general have to get off their duff and start having a plan, or become the slaves of the future. Horrid thought that your kids may be slaves because your government today failed to think ahead and see quite obvious things, took the wrong decisions, etc.

    7. Re:Chinese government complicity by Anonymous Coward · · Score: 0

      Like Afghanistan and Iraq... those projects worked out real well, hey? It is high time the USA stopped being ineffective and hamstringing its own future. Gazillions spent, domestic economy in the hole, and the radicals just get more radical. You either wipe them 100% (not 99.99999999999% - not good enough) or you come up with another solution. Restart the factories, stop the imports, pay attention as to who lives in the country and is given residency or citizenship. The foundations for this crap were laid during the hippie era of the crazy 1960s; the fruit of the seeds then planted is coming up for harvest and it ain't pretty.

    8. Re:Chinese government complicity by Anonymous Coward · · Score: 0

      It's pretty difficult to do anything that they don't like

      Hacking isn't too easy either. Just because it's hard doesn't mean nobody manages to do it, and when you consider they have more than a billion people, even with the most terrible odds someone is going to succeed.

      I think you are vastly overestimating what an organization can do.

    9. Re:Chinese government complicity by Paradise+Pete · · Score: 2

      WTF = the Chinese plan 200 years ahead, whereas the USA thinks only to the next "November"

      So you think the Chinese started their hacking plans while the US was involved in the war of 1812?

    10. Re:Chinese government complicity by Anonymous Coward · · Score: 0

      You've done a brilliant job of completely and intentionally missing his point, shithead.

  10. Take Down? by CaptainDork · · Score: 1

    They didn't kill the power plants in China, did they?

    --
    It little behooves the best of us to comment on the rest of us.
  11. False security by Anonymous Coward · · Score: 0

    That's the only thing this take down provides, because the real problem is still out there, and until they arrest their asses the danger still exists. False security is very bad; people become lax, and that's a no-no when it comes to security. It's like the mood after a huge drug bust where 5-0 thinks traffic has slowed down because of their heroics, but really it's business as usual.

  12. Re:Chinese government complicity S&T by Anonymous Coward · · Score: 0

    This is like the Soviet S&T spy group, the most prolific and successful group of spies during the Cold War; they were constantly stealing plans and technology from America through an extensive spy network and managing to stay a year behind the West in most technologies. China is probably using this to supplement their S&T industrial espionage group. The direct dollar value to the Soviet spy group was 1/100th of the estimated labor cost of actually developing the technology, according to the Mitrokhin archive. Thus if the Chinese hacker group steals $10 billion in technology, that would equate to a $100 million direct value to that hacker group / the Chinese state. Companies having more cellular / detached network setups which do not directly talk to each other would probably help.

  13. Yuh Huh by Greyfox · · Score: 4, Funny

    Someone's gonna wake up tomorrow with a computer monitor in their bed :-P

    --
    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  14. smoke and mirrors by Barlo_Mung_42 · · Score: 1

    So Microsoft is the Batman?

  15. what a crappy propaganda by zugedneb · · Score: 0

    "...targeted by Axiom, an incredibly sophisticated organization that has been stealing intellectual property for more than six years."

    So, who came up with this, and who is the target?

  16. Malicious code on 43,000 Windows computers .. by lippydude · · Score: 2

    "The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43,000 computers worldwide"

    What operating system did these 'computers' run on?

    1. Re:Malicious code on 43,000 Windows computers .. by Anonymous Coward · · Score: 0

      What operating system did these 'computers' run on?

      Why Linux of course.

    2. Re:Malicious code on 43,000 Windows computers .. by lippydude · · Score: 1

      @Anonymous coward: "Why Linux of course"

      If it was Linux, then it would have been mentioned in the title; else it's 'computer' malware :)

  17. NSA FTW! by Anonymous Coward · · Score: 1

    Now, if they also eradicated some of the NSA malware in the process... I mean... uh as collateral damage, so to speak...

    Sigh. I'll keep on dreaming.

  18. Microsoft, payback for their past crap security by fredness · · Score: 2

    It's interesting that Microsoft is mentioned as a key contributor to this, when most likely the affected systems that are allowing hackers to slip into organizations unauthorized are that way due to the horrendously poor security of Microsoft's own operating system.

  19. Why is this not escalated? by XB-70 · · Score: 3, Insightful

    We pay a fortune in taxes for government agencies: INTERPOL, FBI, RCMP, NSA, CSIS, CIA etc. etc.

    It is disgraceful that a consortium of PRIVATE companies has to tackle this issue when there is clear violation of any number of laws at stake.

    Get to work, you government agencies, and, instead of spying on your fellow countrymen, do your job.

    --
    *** Don't be dull.***
    1. Re:Why is this not escalated? by Anonymous Coward · · Score: 0

      The problem is that governments have been attacking Internet/computer culture for so long that most respectable geeks won't work for them.

  20. Microsoft, payback for their past crap security by Anonymous Coward · · Score: 0

    I like mustard!