China implicated in another major hacking attack

Tuesday, April 6, 2010

Security researchers in Canada have uncovered a new targeted malware network, controlled by servers in China, which has compromised computer systems in the Office of the Dalai Lama, Indian government, business and academic organisations and even the United Nations.

University of Toronto researcher Nart Villeneuve highlighted the main findings of the new Shadows in the Cloud report, revealing a "complex and tiered command-and-control infrastructure".

"The attackers misused a variety of services, including Twitter, Google Groups, Blogspot, Baidu Blogs, and Yahoo Mail, in order to maintain persistent control over the compromised computers," he said in a blog post yesterday.

"This top layer directed compromised computers to accounts on free web hosting services, and as the free hosting servers were disabled, to a stable core of command-and-control servers located in China."

Any concrete link with the Chinese authorities is unproven, but the report has managed to link the network with two individuals living in Chengdu and to the underground hacking community in China.

The report, which was compiled by Shadowserver Foundation and the Information Warfare Monitor, also claimed that the network had been involved in stealing countless documents marked 'secret' or 'confidential', and that over 1,500 letters sent from the Dalai Lama's office last year had been compromised.

"The nature of the data stolen by the attackers does indicate correlations with the strategic interests of the Chinese state. But we were unable to determine any direct connection between these attackers and elements of the Chinese state," wrote Villeneuve.

"However, it would not be implausible to suggest that the stolen data may have ended up in the possession of some entity of the Chinese government."

The new attack network bears several similarities to the GhostNet system, uncovered by the same team of researchers about a year ago, which heavily implicated China in cyber snooping activities.

The Chinese government is reported to have issued a stock denial of any such activities, claiming that they had been "stirred up" to cause trouble.

"We resolutely oppose all forms of cyber crime including hacking," Chinese foreign ministry spokeswoman Jiang Yu is reported to have told a press conference.


