FireEye reported unearthing the new hack tools when analysing a recent attack on one of the company's clients, warning that the malware is significantly more advanced than those used in the group's previous campaigns.
"The attackers behind an audacious breach of The New York Times' computer network late last year appear to be mounting fresh assaults that leverage new and improved versions of malware. The new campaigns mark the first significant stirrings from the group since it went silent in January in the wake of a detailed exposé of the group and its exploits," wrote the researchers.
News of The New York Times attack broke in January, when the publication reported being the victim of an ongoing cyber campaign. Security firm Mandiant, which helped mitigate the attack, subsequently reported linking the campaign to a Chinese group. The attacks are believed to have been carried out in retaliation for a series of articles about former Chinese prime minister Wen Jiabao.
FireEye senior malware researcher Ned Moran told V3 that the new attacks use evolved versions of the long-standing Aumlib and Ixeshe malware families, which have been used by criminals in targeted attacks for several years. He added that the upgraded tools are designed to help the criminals avoid detection when breaking into their victims' networks, even by advanced systems built to detect the previous versions of the tools.
"The network protocol has been altered. Signatures designed to detect the previous version of these tools may not detect these new network protocols. This may enable the threat actor to operate undetected," said Moran.
The report said that, while troubling, the development is not surprising and is typical of most hackers: the group that hacked The New York Times is simply amending its strategy after being discovered. "Attackers do not change their approach unless an external force or environmental shift compels them to. As the old saying goes: if it ain't broke, don't fix it," read the report.
The attack is one of many advanced threats uncovered this year. Arbor Networks last week reported uncovering a new brute-force botnet campaign, which has already infected over 25,000 Windows machines with malware using an unknown infection method.