Feeds

Spies launch hack attacks on Mongolia... to see who its friends are – report

Like checking up on your kid's Faceboo... well, not really

Beginner's guide to SSL certificates

Cyber-spies are targeting Mongolian businesses and government agencies to keep the attackers "aware" of the land-locked country's relationships with "Western influences" like the US and the European Union, according to a recent report.

Cyber Squared’s ThreatConnect Intelligence Research Team (TCIRT) blames a "state-sponsored" Chinese hacking group for the campaign, which it says shows evidence of offensive tactics against Mongolian targets which are very similar to those long applied against Tibetan and ‪Uyghur ‬nationalists and affiliated groups.

The custom malware used in the anti-Mongolian campaigns shares the same functionality of malware used by an unidentified Chinese cyber-warfare unit that has been dubbed “Comment Crew” or “APT1”, Cyber Squared reports.

"TCIRT has identified a series of targeted cyber attacks that have been directed against Mongolian and allied networks by several Chinese Computer Network Exploitation (CNE) groups," the cyber intelligence agency explains.

It adds:

Retrospective analysis of several targeting campaigns identified numerous examples of focused Chinese [exploitation] directed against economic, military, and diplomatic targets within Mongolia and Mongolian partners. Persistent remote access to strategic Mongolian networks would help China maintain awareness of changes in Mongolian relations with the US and other Western influences in an effort to better protect China’s national interests in Mongolia and the region.

Booby-trapped documents associated with the attack include an announcement for a joint US-Mongolia military exercise called Khaan Quest 2014. Retrospective research by Cyber Squared identified additional decoy documents, written in Mongolian, themed around events such as the June 2013 Mongolian presidential election.

Cyber Squared reckons that attempts to hack Mongolian government and business computers are been motivated by "Mongolia’s attempt to steer a more independent path by reaching out to what it calls 'third neighbours' such as the United States, Japan, South Korea, and the European Union."

The malware-fuelled hacking campaign would "help China maintain awareness of changes in Mongolian relations with the US and other Western influences and protect their national interests in Mongolia", thus helping to give the Chinese government the edge in relations with its northern neighbour.

More details on the attacks - including screenshots and code snippets - can be found in a blog post by Cyber Squared here. ®

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.