APT Crime Group with China Connections Attacks HK


An APT crime group with connections to China, thought to be behind highly targeted attacks on ministries and governments of foreign countries, is currently concentrating on China's own territory in the Hong Kong autonomous region, according to the cyber security company FireEye. An attack in August this year (2015) on a number of media organizations in Hong Kong followed a prominent controversy over a staff appointment at Hong Kong University.

The group striking at media outlets in Hong Kong goes by the name admin@338. Security researchers know it for using publicly available RATs (remote access Trojans), Poison Ivy in particular, to strike financial and government organizations that chiefly deal in international economic policy.

In the current instance, FireEye experts note that the attack is without precedent: the group reportedly used Chinese-language phishing lures against its targets. Each phishing e-mail had 3 attachments, all of them exploits for a patched security flaw in Microsoft Office, CVE-2012-0158, a buffer overflow in the Common Control Library on Windows computers that was patched in early 2012.

If the exploits run, a backdoor known as Lowball is installed on the compromised PC and then connects to a legitimate Dropbox account of the attackers.

The group's Dropbox accounts were also observed to contain another backdoor, known as "BUBBLEWRAP", which admin@338 is believed to have used previously. This malware is a full-featured backdoor that gathers information from the compromised PC. It can also use different plug-ins to extend its functionality.

Meanwhile, the most recent attacks on Hong Kong TV, radio and newspapers occurred at the same time that 3 Hong Kong students faced charges for participating in a pro-democracy movement during 2014.

According to researchers, it is common for China-based threat groups to attack media organizations in Hong Kong, especially those that concentrate on publishing reports about the pro-democracy campaign. For example, the August 2015 attack targeted organizations holding information that could be valuable to the government of China.

» SPAMfighter News - 12/7/2015
