Feeds

Chinese hackers target media in anniversary run-up

News organisations, NGOs hit by trojan attacks

Using blade systems to cut costs and sharpen efficiencies

Chinese workers in foreign media outlets within China are in the firing line of a new wave of malware-laden emails.

The timing of the emails, in the run-up to the 60th anniversary of the Communist Party's rise to power in mainland China on 1 October, has sparked dark accusations (supported by circumstantial evidence) that the Chinese government might be behind the attacks.

Human rights groups are also getting targeted in the latest wave of cyber-attacks, which are far from unprecedented.

"There is definitely a pattern of virus attacks in the run-up to important dates on the Chinese political calendar," Nicholas Bequelin of Human Rights Watch in Hong Kong told Reuters.

"Whether the government is behind it, closes its eyes to it, supports it or has nothing to with it is unclear. There are also patriotic hackers, so there is no way to know for sure who is behind it."

The latest wave of attacks involves the forwarding of kosher emails from activist organisations together with a fake malware-ridden attachment. The tactic gets around earlier tell-tale signs of malicious emails, such as poor spelling. In addition, email addresses are spoofed to disguise their true origin.

Reuters reports that Chinese workers at foreign news organisations across China received identical emails on Monday, each containing an attachment designed to exploit a recently-patched flaw in Adobe Acrobat. Flaws in Adobe's software applications are becoming a favourite in targeted attacks, second only to Microsoft Office-themed assaults.

The tainted emails posed as a request by a fictitious economics editor called Pam Bouron to line-up interviews in advance of a supposed visit to Beijing. The messages were tailored so that Bouron appeared to work for each of the targeted news outlets: Reuters, the Straits Times, Dow Jones, AFP, and Italian news agency Ansa.

The "Pam Bouron" emails targeted Chinese workers whose names were not typically included in news reports. These workers are hired through an agency which reports to the Chinese Foreign Ministry, a fact seized on by some as circumstantial evidence of possible Chinese government involvement in the ruse.

Many foreign reporters in Beijing and Shanghai received malware-laden emails shortly after the initial attack.

Trojan tainted emails were also sent to foreign news agencies and non-government organisations in the run-up to last year's Beijing Olympics, Reuters adds.

In related developments, Beijing authorities have reportedly tightened physical security in the run-up to a military parade and other celebrations to celebrate National Day. The government has also reportedly mandated the use of stricter ISP-level censorware filters in an attempt to further control internet access in the run-up to 1 October. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.