Chinese Hacker Cabals Attempt Theft of Trade Secrets

According to FireEye the security company, a dual spying operation is going on by Chinese hackers who seek to steal trade secrets that countries in the neighborhood maintain.

Of these two hackers' cabals, one is called Moafee which spies on government and military, particularly, USA's defense sector, while the other is known as DragonOK which attacks manufacturing as well as high-tech organizations within Taiwan and Japan. Moreover, the groups operate from separate areas in China like DragonOK from Jiangsu Province and Moafee from Guandong Province both provinces in China.

FireEye's researchers state that the two groups distribute spear-phishing e-mails, with the messages well-crafted as well as sent to specific audience, while using the local language of the target Internauts. Attachments within the e-mails are like often zipped files alternatively password-protected MS files with executables embedded. It has also been seen that the spying cabals utilize decoy documents, which victims confront as the malware works behind the screen, according to the researchers. Securityweek.com published this dated September 11, 2014.

A backdoor malware is also employed in the espionage campaigns. This ranges from PoisonIvy to NewCT2, CT/NewCT, Nflog and Mongall. Both groups further append the well-known proxy device HTRAN to their C&C infrastructures for disguising the places of their operations.

The researchers observe that the groups during their operations do one of the following: coordinate activities; acquire identical training; use an identical toolkit supply sequence; make certain mixture of the just stated. According to them, the campaigns appear like one "production line" assault sequence.

And while not articulating the sort of information spied on, FireEye does emphasize that the hacker groups focused on the area's "abundant natural resources" viz. natural gas and oil under the South China Sea.

FireEye's researchers also state that perhaps a yet another Chinese hacker cabal armed with 'advanced persistent threat' (APT) is utilizing a few of the identical methods and toolkits which DragonOK and Moafee are using. Through the coordination of joint assaults and sharing of TTPs, these APT criminals, according to the researchers, are capitalizing on the economic expertise in China for carrying out large-scale global espionage.

» SPAMfighter News - 9/19/2014