Tibetan organisations attacked by Chinese spearphishing

Powered by SC Magazine
 

Messages contained remote access trojan.

A range of spearphishing attacks sent allegedly from China against Tibetan organisations have been detected.

AlienVault researchers who discovered the attacks said Tibetan activist organisations including the Central Tibet Administration and International Campaign for Tibet were targeted.
 
The messages carried information on the Tibetan religious festival Kalachakra Initiation, and included a malicious PDF attachment that exploited a patched stack overflow Microsoft vulnerability.
 
It executed the Gh0st remote access Trojan which enabled a range of functions from data exfiltration to activating a target computer's microphone. 
 
AlienVault head of labs Jaime Blasco said the attack used command-and-control servers to grant remote control of infected machines and change the structure and purpose of the malware program.
 
That allowed attackers to remotely adapt the infection in response to changing circumstances, such as updates to anti-virus software. VirusTotal found that these obfuscation steps meant the infection was detected by just two anti-virus vendors at the time of the attacks.
 
The attacks likely originated from the same group of Chinese hackers that launched the Nitro attacks against chemical and defence companies late last year, according to researchers. They said the tool appeared to be the same variant used in the Nitro attacks.
 
The digital certificate used to sign the tool was revoked by VeriSign in December last year.
 
AlienVault previously detected Chinese attacks against US government agencies, including the US Department of Defense which used a new strain of the Sykipot malware to compromise smartcards.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition


Tibetan organisations attacked by Chinese spearphishing
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1891

Vote
Do you support the abolition of the Office of the Information Commissioner?