Chinese hackers have earned a notorious reputation over the years, hacking into the machines of countless organizations. Now, a report from FireEye reveals that hackers based in China were able to access the computers of European diplomats during G20 meetings.
The hackers responsible for this breach apparently work under a concerted campaign by the name of ‘Operation Ke3chang‘. This operation has been up and running since 2010 and the Chinese hackers involved in it have targeted a number of sectors including aerospace, energy, high-tech as well as governmental entities.
Particularly alarming is the revelation in the report that the Ke3chang hackers sent out malware-ridden emails to the staff of European foreign ministries. Interestingly, the malware was coupled with a file which pretends to be a detail of US military options in Syria. As soon as the pdf file is opened, the malware downloads and installs on the victim’s machine.
According to the report, the malware relies on ‘Java zero-day vulnerability (CVE-2012-4681), as well as older, reliable exploits for Microsoft Word (CVE-2010-3333) and Adobe PDF Reader (CVE-2010-2883).’ The attacks, targeted at European diplomats, were meant to listen in on the developments related to G20 meetings, which hints that a state is involved in the entire scheme.
In total, Ke3chang campaign relied on 23 command-and-control servers. FireEye was able to look into one of these servers and it was then that the security firm discovered about the compromised machines at European embassies. The hackers in the team pulling off these attacks are involved in stealing corporate secrets of a number of companies and snooping in on numerous governments. The details of these attacks and other shenanigans of this team of hackers can be viewed in the report published by FireEye.
Courtesy: The Hacker News