Jump to content

Chinese servers attack top US websites


Recommended Posts



Chinese servers attack top US websites

Targeting security companies, universities and Defence contractors

14 Jun 2012 09:55 | by Nick Farrell in Rome


Insecurity experts have detected an ongoing series of attacks targeting SCADA security companies, universities and defence contractors.

The attacks use customised malicious files to entice targeted users into opening them and are using a series of hacked servers as command-and-control points.

Tactics and tools used by the attackers indicates that they may be located in China.

The first target was Digitalbond, a company that provides security services for ICS systems, but the others followed a similar pattent.

The attack begins with a spear phishing email sent to employees of the targeted company and containing a PDF attachment which, if opened, installs a Trojan downloader called spoolsvr.exe.

This connects to a C&C server located at hxxp://hint.happyforever.com and downloads instructions and a payload. Another file is loaded called tanghi.exe that is not widely recognised by anti-malware products and is a remote access tool that gives the attacker a persistent presence on the compromised machine.

AV expert Jaime Blasco of AlienVault said users at Carnegie Mellon University, Purdue University and the University of Rhode Island have been hit.

Chertoff Group, which is a consultancy headed by former secretary of Homeland Security Michael Chertoff, and NJVC, another defense contractor, have been targeted.

Alienvault said the approach was similar to the Shady Rat attacks that were first publicized by McAfee in August, 2011 and are probably the same people.

The attacks are not random and it appears that the targets are being selected carefully.

Other security stories

SOURCE: http://news.techeye....top-us-websites


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.