
Chinese Group of Hackers Targeting Russian Military - Proofpoint


Softpedia.com reported on 18 September 2015 that Proofpoint, a US-based Security-as-a-Service vendor, had observed a campaign targeting Russian military personnel, which it attributes to a hacking group operating in China.

The company's security researchers say the group had previously been tracked by Proofpoint and by other security firms, and is known in the industry as TA459.

Proofpoint first intercepted this operation in July 2015 and says it is still active, now also affecting telecom and financial companies associated with the military targets against which the first attack was spotted.

The hackers are using spear-phishing emails carrying a malicious Word document, aimed at military personnel, to gain access to their victims' computers.

Proofpoint explains that the document is configured with a specially crafted macro which automatically executes a set of commands when the user closes the Word file, exploiting CVE-2012-0158, a well-known and heavily exploited Microsoft Word flaw.

This ultimately leads to the user being infected with PlugX (Korplug), a Remote Access Trojan (RAT) that gives the attackers full control over their victims' computers.

TechNewsWorld published news on 23 September 2015 quoting Patrick Wheeler, Director of Threat Intelligence at Proofpoint, as saying: "PlugX has been associated with state actors in the past. It is not seen as widely in cybercrime and financial theft as it is in state-sponsored activities."

He said that PlugX essentially creates a backdoor for attackers on the systems where it is installed. Its capabilities include downloading malware; mapping the systems it has infected; copying, managing and exfiltrating files; moving laterally to infect other machines and networks; and shutting itself down and removing all traces of itself.

China is one of the main suspects in the Russian attacks.

Wheeler said: "There are elements in the payload and the infrastructure which suggest that the actor is Chinese, but we would hesitate to confirm that this is a Chinese attack because all that information might be hoaxed and proxied."

There seems to be little doubt, however, that the attack is sponsored by a nation state or carried out by hackers working for one.

He explained that cybercriminals frequently drop things such as banking Trojans and keyloggers and try to steal information, whereas this campaign is about exploration and gaining entry into the targeted organization.

» SPAMfighter News - 9/30/2015
