Spies tied to some of China’s largest cyberespionage campaigns are using the disappearance of Malaysian Flight MH 370 to infect computers of governments and think tanks.
Two of the attacks were uncovered by researchers at security company FireEye, who did not immediately respond to requests for an interview.
FireEye found the attacks used a modified version of a hacking tool favored in Chinese state-sponsored attacks called Poison Ivy. They also traced the attacks to a group dubbed “Admin@338,” which has been involved in previous Chinese espionage campaigns.
The cyberspies used interest in the Malaysian flight as a lure. They sent emails to specific targets with an infected file that appeared to be about the flight. If the victim opened the file, it would infect the computer with their espionage tool.
After gaining access, they would be able to monitor the victim’s computer, steal files, or even watch the victim through a webcam.
The group of cyberspies began their attacks on March 10—two days after the Malaysian flight disappeared—and targeted an unnamed foreign government in the Asian Pacific region, according to a FireEye analysis of the campaign.
The individuals sent an email to the target, with an attached file called “Malaysian Airlines MH370.doc.” If the victim opened the file, the cyberspies would then gain access to the computer.
Their next target was “a prominent U.S.-based think tank,” according to FireEye, and the hacking tool was disguised as a Flash video.
In October 2013, Admin@338 was involved in cyberespionage campaigns targeting a U.S. think tank, the central bank of an unnamed Western European government, a high-ranking government official in the Far East, and several other targets involved in trade and financial policy.
FireEye noted the 2013 espionage campaign was “apparently focused on gathering data related to international trade, finance, and economic policy.”
The attacks uncovered by FireEye were not the only Chinese attacks leveraging the Malaysian flight.
Security company Kaspersky found similar infected files disguised as information on the flight’s disappearance, which it traced back to groups behind some of China’s largest espionage campaigns.