A Beijing-based hacking combine that has broken into hundreds of
company networks — and continues to do so with near impunity — may have a
tougher go of it from here on out.
That's because here at the Black Hat Conference researchers from
Dell SecureWorks disclosed evidence that helps fingerprint the handiwork
of one of the top two cyber espionage gangs operating out of China.
Dell SecureWorks calls them the Beijing Group, so named for the
location of the IT infrastructure they use to pull off their hacking
campaigns.
The Beijing Group's quirks and one of their most successful pieces of
malicious software, called Comfoo, have been painstakingly flushed out
by Don Jackson and Joe Stewart, veteran researchers at Dell SecureWorks'
Counter Threat Unit, as well as other researchers, for the past 18
months.
Jackson and Stewart told CyberTruth they were taking the uncommon
step of sharing these details publicly to help their fellow forensic
experts worldwide more easily find and eradicate the Beijing gang's
systemic spying.
"It's clear that this is an adversarial force with tremendous
resources and capabilities," Jackson says. "They're responsible for
setting up a vast network of listening posts to try to shift the
strategic advantage from one party to another."
The Beijing Group was one of two hacking groups behind the 2010 deep
hack of RSA SecurID, in which they stole the keys to decrypting
one-time password tokens sold by RSA and used widely by defense
contractors and others to limit access to sensitive accounts and
databases.
In fact, this gang is one of two major China-based hacking combines
that are widely tracked by security researchers and are known to have
infiltrated hundreds of private companies and government organizations
in the U.S., Europe and Asia.
Many of the Beijing Group's capers have been aimed at organizations
in Japan, India and South Korea. The attackers target trade
organizations, telecommunications firms, think tanks, news media and
even audio and videoconferencing manufacturers.
"This is more evidence of ongoing attempts to gather information from
sensitive places," says Stewart. "They are getting into really
important networks and monitoring and gathering information over a
period of years."