Hackers Using Popular Websites To Attack Official Targets


The subtle method of cyber insurgency is detailed in a new report by security firm FireEye. The company recently revealed a long-term Chinese hacking campaign against Asian companies, and has now detailed another China-based hacking threat, writes Jon Russell for TechCrunch.


Hackers embedded code in the comment section of TechNet

Hackers have apparently been using the Microsoft web forum TechNet in order to remotely activate malware, which could give the hackers access to an organization’s private network and the data contained in it.


The group of hackers responsible for running the program is known as APT17, and it used TechNet to try to infiltrate its targets. The program has now been shut down by Microsoft and FireEye.

APT17 was apparently targeting government agencies, NGOs and law firms rather than regular users of the site. An intrusion began by getting malware to an individual inside the target organization, for example by sending a malicious file by email. Once the file was opened, the malware could be triggered by code left in the comment section of the TechNet forum.

The software used by the group is known as BLACKCOFFEE, and allows APT17 hackers to upload and download files, terminate processes on a host machine and instigate other backdoor commands. The subtlety of the attack meant that it would not be detected by internal security systems.

Sophisticated strategy likely to become more common

TechNet is a well-regarded site visited by IT professionals from around the world, and embedding malicious code there made it harder to detect than on other websites which are known to be compromised.

“This additional obfuscation puts yet another layer between APT17 and the security professionals attempting to chase them down,” FireEye said in its report. Its findings inspired FireEye to contact Microsoft, which then shut down the group’s accounts on TechNet.

FireEye predicts that tactics such as this one will become more common as hackers develop ever more sophisticated techniques.

“Organizations will need new technology to detect these attacks,” said Bryce Boland, FireEye’s APAC CTO. He said that those companies with “highly critical environments shouldn’t allow people to receive content from the internet.”

On the other hand, websites which allow users to post content need to be wary of the misuse of this ability, he continued.
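The article describes two places where this technique can be caught: on the site that hosts the comments (misuse of user-posted content) and on the victim's network (an implant that repeatedly fetches a legitimate forum page to pick up its instructions). The following Python script is an added example written for this page, not FireEye's or Microsoft's code, and it makes several assumptions: that the hidden instruction is an IPv4 address (with optional port) encoded as base64 or hex inside an otherwise ordinary comment, that the proxy log has a simple four-field format, and that the domain names, addresses, log lines, comment text and thresholds are all constructed for illustration.

```python
import base64
import re
from collections import defaultdict
from datetime import datetime

# Decoded IPv4 address with an optional port, e.g. 203.0.113.5:443.
_IPV4 = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)(?::\d{1,5})?$"
)
# Candidate encoded tokens: runs of base64/hex characters long enough to hide an address.
_TOKEN = re.compile(r"[A-Za-z0-9+/=]{8,}")


def decode_candidates(token):
    """Yield plausible decodings of one token (base64, then hex). Assumed encodings only."""
    try:
        padded = token + "=" * (-len(token) % 4)
        yield base64.b64decode(padded, validate=True).decode("ascii")
    except Exception:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", token) and len(token) % 2 == 0:
        try:
            yield bytes.fromhex(token).decode("ascii")
        except Exception:
            pass


def find_hidden_addresses(comment):
    """Site-side moderation check: return (token, decoded) pairs for any token in a
    user comment that decodes to an IPv4 address. Benign comments yield an empty list."""
    hits = []
    for token in _TOKEN.findall(comment):
        for decoded in decode_candidates(token):
            if _IPV4.match(decoded):
                hits.append((token, decoded))
    return hits


# Constructed comment: the base64 token decodes to 203.0.113.5:443 (a documentation address).
SAMPLE_COMMENT = "Great write-up. ref MjAzLjAuMTEzLjU6NDQz thanks"

# Constructed proxy log, not real traffic. Fields: timestamp, client, "user agent", URL.
# 10.1.1.20 is a person browsing; 10.1.1.55 fetches one profile page every 10 minutes
# with no user agent, which is what a dead-drop style implant looks like from the network.
SAMPLE_PROXY_LOG = """\
2015-05-14T09:00:00 10.1.1.20 "Mozilla/5.0 (Windows NT 6.1)" https://forum.example.com/profile/123
2015-05-14T09:00:04 10.1.1.20 "Mozilla/5.0 (Windows NT 6.1)" https://forum.example.com/thread/9
2015-05-14T09:00:00 10.1.1.55 "-" https://forum.example.com/profile/123
2015-05-14T09:10:00 10.1.1.55 "-" https://forum.example.com/profile/123
2015-05-14T09:20:00 10.1.1.55 "-" https://forum.example.com/profile/123
2015-05-14T09:30:00 10.1.1.55 "-" https://forum.example.com/profile/123
"""

_LOG = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+)$')


def find_beacons(log_text, min_hits=3, jitter_seconds=60):
    """Network-side check: flag (client, url, interval_seconds) where a non-browser client
    fetched the same URL at least min_hits times at a near-constant interval.
    The thresholds are assumptions to tune against real traffic."""
    series = defaultdict(list)
    for line in log_text.splitlines():
        m = _LOG.match(line)
        if not m:
            continue  # skip malformed lines rather than fail the whole run
        ts, client, ua, url = m.groups()
        if ua.startswith("Mozilla/"):
            continue  # ordinary browser traffic is out of scope for this heuristic
        series[(client, url)].append(datetime.fromisoformat(ts))
    flagged = []
    for (client, url), times in series.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter_seconds:
            flagged.append((client, url, round(sum(gaps) / len(gaps))))
    return flagged


if __name__ == "__main__":
    print("hidden addresses:", find_hidden_addresses(SAMPLE_COMMENT))
    print("beaconing clients:", find_beacons(SAMPLE_PROXY_LOG))
```

The comment scanner is deliberately narrow (an address is the simplest thing an implant can fetch from a page), so a real moderation pipeline would pair it with account-age and posting-pattern signals rather than rely on it alone; the beacon check catches the regular, browser-less polling of a single page that distinguishes an implant from the IT staff who legitimately read the same forum.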


While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an MSc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. To contact Brendan or give him an exclusive, please contact him at theflask@gmail.com