Chinese Hackers Attacked 5 EU Nations Prior to G-20 Meet, Says FireEye

According to FireEye Inc., Chinese hackers launched an espionage attack against the PCs installed at the foreign ministries of 5 European countries prior to the G-20 Summit of September 2013. The summit focused on the ongoing political havoc inflicting Syria.

Reportedly, during the hack, phishing e-mails were dispatched targeting the ministries' staff PCs. The messages entitled "US_military_options_in_Syria" carried contaminated file attachments that planted malware onto the systems, explained FireEye.

The security researchers monitored the hackers' activities spanning 7-days prior to the G-20 meet kick started in Russia, however, the attackers shifted onto one fresh server so the trail was lost.

FireEye declined to name the countries that faced the hacks, though it stated that each of the victimized nations was a European Union member. It also stated that the victims were reported about the assaults via Federal Bureau of Investigation.

According to Researcher Nart Villeneuve of FireEye, who examined the attack, little clue was found suggesting a straight connection between the hackers and Government of China; nevertheless, from the C&C system's data as well as the malware's script, it became apparent that the cyber-criminals were Chinese. The servers they employed often mentioned "consulate" in their data prompting FireEye to believe there was political intention within the assault, Villeneuve contended. Ibtimes.com published this, December 10, 2013.

Moreover, the attack involved another C&C server that sent commands in language mixed with Chinese and English. When the identified malicious software was tested, there was indication that the software was developed using Windows computers which had Chinese language by default. Thus FireEye, based on these clues, believes the cyber-assault had China as masterminding it.

The company, according to Villeneuve, located the assault when it was gathering details of "Ke3chang," a hacker syndicate, whilst examining the malware as well as servers the latter utilized. FireEye nicknamed the assault "moviestar" as also managed in determining the different data the hackers obtained while targeting their victims.

Like before, this time too the hacking assaults are suspected as originating from the Chinese army. And though Chinese Government hasn't ever admitted the accusations, it asserts USA frequently victimizes it with spying operations.

» SPAMfighter News - 12/19/2013