Chinese NYT Hackers Back with New Malware

By Jennifer LeClaire
August 12, 2013 1:38PM

State-sponsored attackers -- like the Chinese hackers -- have a long-term interest in collecting intelligence from particular targets. When these kinds of attackers are discovered, they react by adapting their techniques so that they can fly under the radar again, said Tom Cross, director of security research at Lancope.

The Chinese hackers who reportedly attacked the New York Times and the Wall Street Journal are back -- and they're equipped to potentially do more damage than ever. Identified by security firm Mandiant as Unit 61398, the hackers have been silent since the hubbub in January.

But according to FireEye, the groups appear to be mounting fresh assaults that leverage "new and improved" versions of malware. Indeed, security researchers believe there's been a retooling of the massive spying operation that has ties to Communist China.

"The newest campaign uses updated versions of Aumlib and Ixeshe," Ned Moran and Nart Villeneuve of FireEye warned in a blog post. "Aumlib, which for years has been used in targeted attacks, now encodes certain HTTP communications . . . And a new version of Ixeshe, which has been in service since 2009 to attack targets in East Asia, uses new network traffic patterns, possibly to evade traditional network security systems."

Beware New TTPs

Why did the hackers make the upgrade? FireEye researchers said cybercriminals are constantly evolving and adapting their attempts to bypass computer network defenses. But there's no need to evolve if the current malware is getting the dirty work done.

"So when a larger, successful threat actor changes up tactics, the move always piques our attention," the researchers wrote. "Naturally, our first priority is ensuring that we detect the new or altered TTPs [techniques, tactics or procedures]. But we also attempt to figure out why the adversary changed -- what broke? -- so that we can predict if and when they will change again in the future."

FireEye reports that about four months after the New York Times publicized an attack on its network, the attackers updated versions of their Backdoor.APT.Aumlib and Backdoor.APT.Ixeshe malware families. The previous versions of Aumlib had not changed since at least May 2011, they said, and Ixeshe had not evolved since at least December 2011.

"We cannot say for sure whether the attackers were responding to the scrutiny they received in the wake of the episode. But we do know the change was sudden," the researchers wrote. "Akin to turning a battleship, retooling TTPs of large threat actors is formidable. Such a move requires recoding malware, updating infrastructure, and possibly retraining workers on new processes."

Hunting for Infections

We looked to Tom Cross, director of security research at Lancope, for his reaction. He told us it is not surprising that this adversary is continuing to launch attacks.

"State-sponsored attackers have a long-term interest in collecting intelligence from particular targets, and these adversaries are not deterred by being caught. When these kinds of attackers are discovered, they react by adapting their techniques so that they can fly under the radar again," Cross said.

"Organizations that are targeted by these kinds of attacks need to engage in a constant, ongoing process of hunting for infections within their networks," he added. "The fight against this kind of espionage is never over."

Tell Us What You Think


Beverley Montenaro:

Posted: 2013-09-28 @ 3:30am PT
I've uncovered an elaborate network of malware of Chinese origin. The time these people have clearly spent on validating themselves with fake websites, reviews and awards must be huge. It's rather difficult to get anyone to listen to one though. As they are constantly changing things after I make a report it's somewhat of a struggle for one person - still, like Marge Simpson says, "Slow and steady wins the race".
