
Digital stakeout of Chinese hacker gang reveals 100+ victims

Gregg Keizer | Aug. 7, 2013
Crew behind 'Comfoo' RAT may have rooted through videoconferencing vendor for ways to watch confidential meetings in government, businesses

But one victim caught their attention.

While Stewart and Jackson declined to name any of the victims, they said one campaign had been aimed at a major videoconferencing software developer.

They speculated that the attackers were sniffing through that company's network for information on vulnerabilities in the software, which they could then exploit at other targets to put eyes and ears on confidential industry and government meetings. "They might be trying to leverage that access to spy on third parties," said Stewart.

In a report SecureWorks published last week on Comfoo, the company said that targeting audio and videoconferencing products was "unusual."

Other attacks may have had the same goal: Acquire inside information on everything from specialized security software to digital certificates for use in future campaigns.

SecureWorks' surveillance will also let security researchers better track the hacker gang, even though the cyber criminals have changed their malware tools since using Comfoo, and will undoubtedly do so again, said Jackson.

"It's safe to assume that they'll change their toolkits," Jackson said. "But as long as the key features match, we should be able to match them [in the future] with campaigns."

Hacker gangs, Jackson added, have personalities and quirks, and can be "fingerprinted" by closely analyzing not only the malware they use, but also how they organize the C&C infrastructure. "They all have patterns," Jackson said.

Although he wouldn't go into specifics, Jackson said that SecureWorks had already used the patterns found in the Comfoo campaigns to identify newer malware and attacks that the company believes are the work of the Beijing Group.

"As long as it's evolutionary rather than revolutionary, we should be able to spot them," Jackson said.

More information about the Comfoo surveillance can be found on SecureWorks' website.

