Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Companies Team Up, Take Down Chinese Hacking Group

Posted by samzenpus on from the end-of-the-line dept.

daten writes A coalition of security companies has hit a sophisticated hacking group in China with a heavy blow. The effort is detailed in a report released today by Novetta. The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43,000 computers worldwide that were targeted by Axiom, an incredibly sophisticated organization that has been stealing intellectual property for more than six years. The group united as part of Microsoft's Coordinated Malware Eradication (CME) campaign against Hikit (a.k.a. Hikiti), the custom malware often used by Axiom to burrow into organizations, exfiltrate data, and evade detection, sometimes for years.

35 of 63 comments (clear)

  1. liar by iggymanz · · Score: 3, Informative

    removing malware isn't "taking down" a hacking group; that's just what a victim does

    1. Re:liar by PopeRatzo · · Score: 1

      Absolutely. I expected to read about missile strikes on the hackers or something. Does anyone really believe this is the only malware this group uses?

      --
      You are welcome on my lawn.
  2. 6 years of hacking with the same malware? by Taco+Cowboy · · Score: 1

    Any hacker group that relies on the same malware code on their hacking, for 6 year straight, deserves no respect

    If that Chinese hacker group "Axiom" really uses the same "Hikit" code all these years then they are no better than a bunch of lazy script kiddies

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:6 years of hacking with the same malware? by TechyImmigrant · · Score: 3, Insightful

      A sane hacking group would just use the existing hack until it fails, while keeping the new tricks in reserve. Expect more, better hacks from the hackers. They've had a while to work on them.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    2. Re:6 years of hacking with the same malware? by SeaFox · · Score: 4, Insightful

      Any hacker group that relies on the same malware code on their hacking, for 6 year straight, deserves no respect

      Aren't they just being efficient. If it ain't broke, don't fix it?

    3. Re:6 years of hacking with the same malware? by PopeRatzo · · Score: 1

      Maybe this is just the malware they expected people to find. Think of how many people now have a greater false sense of security because this group was "taken down".

      --
      You are welcome on my lawn.
    4. Re:6 years of hacking with the same malware? by sneakyimp · · Score: 3, Funny

      I'd be willing to bet that the point of the article in the OP was so that everyone would click on the link and have new malware installed.

    5. Re:6 years of hacking with the same malware? by Kittenman · · Score: 1

      Maybe this is just the malware they expected people to find. Think of how many people now have a greater false sense of security because this group was "taken down".

      You're right... the real problem malware is of course the stuff that I can't detect on my pc! Quick, pass my tinfoil hat and gloves.

      --
      "The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
    6. Re:6 years of hacking with the same malware? by Kvasio · · Score: 5, Funny

      you mean: if it ain't fixed, keep using the break

    7. Re:6 years of hacking with the same malware? by GarethIwanFairclough · · Score: 1

      you mean: if it ain't fixed, keep using the break

      Touchè!

    8. Re:6 years of hacking with the same malware? by halltk1983 · · Score: 2

      Do you keep track of every outbound connection from your computer to make sure that every request is made by authorized software? Or do you rely on a malware suite to report known threats? Most people are in the second boat, and if none of the providers find it, then malware can be resident for a really long time without being caught. Especially if you're good at avoiding honeypots.

      --
      Watch for Penguins, they eat Apples and throw rocks at Windows.
  3. 6 years of hacking with the same malware? by Anonymous Coward · · Score: 1

    If that code is such an effective root kit that they have no need to change it other than deploying it with various 0 days and "droppers", it sounds like they are making a rational business decision.

  4. No one has been "taken down". by Anonymous Coward · · Score: 1

    Are the people responsible identified?
    Are they dead or incarcerated?

    No and no. Nothing is taken down. You might have patched some bullet holes and developed better armor, but the shooter is still at large and still dangerous.

  5. Bullshit ... by CaptainDork · · Score: 1, Funny

    ... If someone spray paints my mailbox with graffiti and I clean it off, is that vigilantism?

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Bullshit ... by TubeSteak · · Score: 1

      ... If someone spray paints my neighbor's mailbox with graffiti and I clean it off, is that vigilantism?

      --
      [Fuck Beta]
      o0t!
    2. Re:Bullshit ... by Anonymous Coward · · Score: 1

      If someone spray paints your mailbox with graffiti and your neighbor repaints the mailbox a nice shade of mauve without consulting you first - and on top of that, you're a bit suspicious that maybe they steamed open your letters, read them and then glued them shut before moving on to the next mailbox.
       
      ... are you still alright with that?

    3. Re:Bullshit ... by CaptainDork · · Score: 1

      Actually ...

      Nah, I got nothing.

      You are correct.

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:Bullshit ... by GigaplexNZ · · Score: 1

      If my neighbour removes the mural from my mailbox (that I commissioned) because they think they're helping remove graffiti, then yeah, I'd say they're overstepping their bounds. That's an analogy of part of the rationale behind not hacking other peoples systems with the intent to remove malware.

      I'm all for malware clean-up efforts, but there are laws and ethics that may prevent some techniques for doing so.

  6. Re:smoke and mirrors by Anonymous Coward · · Score: 1

    Actually, their method of "taking down" the Chinese hackers was to release the Oct. 14th version of Microsoft's Malicious Software Removal Tool (MSRT). Seriously, its in the TFA.

  7. Chinese government complicity by Ritz_Just_Ritz · · Score: 3, Insightful

    Why don't they come out and call a spade a spade...the Chinese government aids, at worst, or allows, at best, this activity. Ask anyone who has spent any time living in China. It's pretty difficult to do anything that they don't like and if when you do manage to circumvent the rules, it's only because you're greasing the palms of someone inside the government. "Hacking group".....riiiiiiiiiight. (rolling eyes)

    1. Re:Chinese government complicity by LessThanObvious · · Score: 2

      Well, 5 mod points and a dozen donuts for anyone with a solution. It's bad situation considering that U.S. and China depend on each other for business and economic reasons yet we treat each other like adversaries. The Chinese government hasn't given much historical respect to the concerns of intellectual property. When it comes to bringing hard consequences to malicious hackers in their borders they offer us zero cooperation in cases like this. So WTF do we do?

    2. Re:Chinese government complicity by s.petry · · Score: 1, Insightful

      Solution: Nuke em. Now where are my mod points and donuts? (You didn't claim it needed to be "good" solution.)

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    3. Re:Chinese government complicity by msobkow · · Score: 2

      Yeah, in the US, the FBI does it officially. Or did you miss the news about that fake newspaper site they put up?

      --
      I do not fail; I succeed at finding out what does not work.
    4. Re:Chinese government complicity by Registered+Coward+v2 · · Score: 4, Interesting

      Well, 5 mod points and a dozen donuts for anyone with a solution. It's bad situation considering that U.S. and China depend on each other for business and economic reasons yet we treat each other like adversaries. The Chinese government hasn't given much historical respect to the concerns of intellectual property. When it comes to bringing hard consequences to malicious hackers in their borders they offer us zero cooperation in cases like this. So WTF do we do?

      Use it to supplied bad information. Bogus code, code that fails at critical times, misinformation about deals, bargaining positions, etc. Use it as a vector to infect computers with destructive viruses that destroy data, open up their machines for penetration, or cause control systems to fail.. In short, turn the malware into a double agent.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    5. Re:Chinese government complicity by Anonymous Coward · · Score: 1

      WTF = the Chinese plan 200 years ahead where the USA thinks only to the next "November" (election).
      The US and "west" in general have to get off their duff and start having a plan, or become the slaves of the future. Horrid though that your kids may be slaves because your government today failed to think ahead and see quite obvious things, took the wrong decisions, etc.

    6. Re:Chinese government complicity by Paradise+Pete · · Score: 2

      WTF = the Chinese plan 200 years ahead where the USA thinks only to the next "November"

      So you think the Chinese started their hacking plans while the US was involved in the war of 1812?

  8. Take Down? by CaptainDork · · Score: 1

    They didn't kill the power plants in China, did they?

    --
    It little behooves the best of us to comment on the rest of us.
  9. Yuh Huh by Greyfox · · Score: 4, Funny

    Someone's gonna wake up tomorrow with a computer monitor in their bed :-P

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  10. Re: smoke and mirrors by ThatsMyNick · · Score: 1

    Not if they had permission from the owners. Microsoft did (read the EULAs)

  11. smoke and mirrors by Barlo_Mung_42 · · Score: 1

    So Microsoft is the Batman?

  12. Malicious code on 43,000 Windows computers .. by lippydude · · Score: 2

    "The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43,000 computers worldwide

    What operating System did these 'computers' run on?

    1. Re:Malicious code on 43,000 Windows computers .. by lippydude · · Score: 1

      @Anonymous coward: "Why Linux of course"

      If it was Linux, that it would have been mentioned in the title, else it's 'computer' malware :)

  13. NSA FTW! by Anonymous Coward · · Score: 1

    Now, if they also eradicated some of the NSA malware in the process... I mean... uh as collateral damage, so to speak...

    Sigh. I'll keep on dreaming.

  14. Microsoft, payback for their past crap security by fredness · · Score: 2

    Its interesting that Microsoft is mentioned as key contributor to this, when most likely the affected systems that are allowing hackers to slip into organization unauthorized is likely due to the horrendous poor security of Microsoft's own operating system.

  15. Why is this not escalated? by XB-70 · · Score: 3, Insightful
    We pay a fortune in taxes for government agencies: INTERPOL, FBI, RCMP, NSA, CSIS, CIA etc. etc.

    It is disgraceful that a consortium of PRIVATE companies has to tackle this issue when there is clear violation of any number of laws at stake.

    Get to work, you government agencies, and, instead of spying on your fellow countrymen, do your job.

    --
    *** Don't be dull.***