Feeds

Spies launch hack attacks on Mongolia... to see who its friends are – report

Like checking up on your kid's Faceboo... well, not really

Protecting against web application threats using SSL

Cyber-spies are targeting Mongolian businesses and government agencies to keep the attackers "aware" of the land-locked country's relationships with "Western influences" like the US and the European Union, according to a recent report.

Cyber Squared’s ThreatConnect Intelligence Research Team (TCIRT) blames a "state-sponsored" Chinese hacking group for the campaign, which it says shows evidence of offensive tactics against Mongolian targets which are very similar to those long applied against Tibetan and ‪Uyghur ‬nationalists and affiliated groups.

The custom malware used in the anti-Mongolian campaigns shares the same functionality of malware used by an unidentified Chinese cyber-warfare unit that has been dubbed “Comment Crew” or “APT1”, Cyber Squared reports.

"TCIRT has identified a series of targeted cyber attacks that have been directed against Mongolian and allied networks by several Chinese Computer Network Exploitation (CNE) groups," the cyber intelligence agency explains.

It adds:

Retrospective analysis of several targeting campaigns identified numerous examples of focused Chinese [exploitation] directed against economic, military, and diplomatic targets within Mongolia and Mongolian partners. Persistent remote access to strategic Mongolian networks would help China maintain awareness of changes in Mongolian relations with the US and other Western influences in an effort to better protect China’s national interests in Mongolia and the region.

Booby-trapped documents associated with the attack include an announcement for a joint US-Mongolia military exercise called Khaan Quest 2014. Retrospective research by Cyber Squared identified additional decoy documents, written in Mongolian, themed around events such as the June 2013 Mongolian presidential election.

Cyber Squared reckons that attempts to hack Mongolian government and business computers are been motivated by "Mongolia’s attempt to steer a more independent path by reaching out to what it calls 'third neighbours' such as the United States, Japan, South Korea, and the European Union."

The malware-fuelled hacking campaign would "help China maintain awareness of changes in Mongolian relations with the US and other Western influences and protect their national interests in Mongolia", thus helping to give the Chinese government the edge in relations with its northern neighbour.

More details on the attacks - including screenshots and code snippets - can be found in a blog post by Cyber Squared here. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.