• $
  • £

Microsoft patches bug 'used by Chinese hackers'

Microsoft patches bug 'used by Chinese hackers'
11.02.2015 13:33
Microsoft has released a patch to close a bug exploited by hackers, who targeted US military and government networks.

The flaw was used to compromise Windows PCs that visited sites seeded with other malware created by the group.

Popular news site Forbes was one victim unwittingly enrolled into the cyber-espionage campaign.

Security systems on US military networks ultimately foiled attempts to steal data, said one expert.

"It's fairly brazen for a Chinese cyber-espionage group to use such a public site," said John Hultquist from iSight Partners, which said it had traced the attack back to a group called Codoso.

Data grabbing
Forbes' site was compromised via a software add-on, or widget, that made use of a version of Adobe's Flash software, which in turn was vulnerable to an exploit believed to have been created by Codoso.

This was paired with a separate vulnerability that the hackers used to takeover Windows machines.

The booby-trapped widget was present on the Forbes site between 28 November and 1 December, 2014, said a spokeswoman for the news site.

"Forbes took immediate actions to remediate the incident," said the spokeswoman.

"The investigation has found no indication of additional or ongoing compromise nor any evidence of data exfiltration."

No group had claimed responsibility for the attack, she added.

Mr Hultquist told the BBC that iSight had been tracking Codoso since 2010 and was confident it was behind the attack.

Additional intelligence about its origin has been provided by security company Invincea which spotted machines infected via the Forbes exploit on military networks.

Once it took hold on a Windows machine the Codoso malware sought to log what software the machine ran and to map networks to find other machines to compromise, Mr Hultquist explained

"It's all about land and expand," he said.

"They want to get in and stay in and be as persistent as possible and gather intelligence over a long period of time."

No data was stolen from official US networks using this exploit, said Norm Laudermilch from Invincea.

However, he said, analysis of the malware showed that it had been used to get at various other sites and the sheer number of people visiting Forbes would suggest a lot had been caught out by it.

Adobe patched the Flash bug on 9 December and Microsoft has now moved to close the other loophole found and exploited by Codoso.

Mr Hultquist said the evidence suggested Codoso was no common-or-garden cybercrime group.

"There are different motivations for hacker groups, but this one is about espionage and that, by definition, is not about making money," he said.

China was not alone in setting up such groups and trying to gather data by hacking, he added.

"We've seen dozens of them," he said.

"It's a very inexpensive way to get an advantage over your adversaries."

(BBC)

ANN.Az


Similar news
Similar news
Azerbaijan helps prepare ITF Transport Outlook 2027
Business 18:00
Azerbaijan helps prepare ITF Transport Outlook 2027
ADY food product shipments rise 35% in H1
Business 17:30
ADY food product shipments rise 35% in H1
Georgia brings energy agreements with Azerbaijan into force
Business 17:00
Georgia brings energy agreements with Azerbaijan into force
Azerbaijan’s green power output reaches 2.8 bln kWh in H1
Business 16:00
Azerbaijan’s green power output reaches 2.8 bln kWh in H1
Azerbaijan produced 13.3 mln tonnes of oil in H1
Business 15:30
Azerbaijan produced 13.3 mln tonnes of oil in H1
Azeri Light oil price rises above $88
Business 15:00
Azeri Light oil price rises above $88
Euro money once again names ABB Bank “Bank of the Year”
Business 13:30
Euro money once again names ABB Bank “Bank of the Year”
Respublika Recognised by Euromoney as Azerbaijan's Best Bank for SMEs
Business 13:00
Respublika Recognised by Euromoney as Azerbaijan's Best Bank for SMEs
Online business loans of up to 300,000 manats with no collateral and no bank visits!
Business 12:43
Online business loans of up to 300,000 manats with no collateral and no bank visits!
Anews TV

Our official Youtube channel

Subscribe