Hackers sponsored by the Chinese government and other nations are collaborating with profit-driven malware gangs to infiltrate corporate networks storing government secrets and other sensitive data, researchers say. In many ways, the relationship between state-sponsored actors and organized crime groups that target online bank …
Stop with the APT mythology
The biggest fail people make with APT is calling it a name and treating it any different to other forms of security compromise.
The threat is military/industrial espionage, which is basically information theft, and the vehicle is accessing your networked computers.
That's your commonality; there is no other commonality.
Therefore of course the same MO and the same toolset at play.
The day someone dreamt up "APT" was the day we started losing focus and losing the war.
And in some cases...
... the malware gangs might even *know* about the use of their kit by the Spooks.
Bet the Spooks don't ask if they don't have to, though.
What's with the Chinese angle?
What's with the media slipping the "Chinese" word in every hacking related articles?
Everyone in the trade knows the Russians have been systematically creating/releasing/controlling malware botnets for decades, but no, it's now the "Chinese" because you idiots are too afraid to name the Russians. Yeah, and we are supposed to believe the US doesn't have state-sponsored hackers as well. Pathetic.
Just a bunch of noobs looking for an excuse to attack the Chinese.
A bunch of Turkish/Greek/Russian/American rootkit/malware pushers developing covert mass surveillance software for the Home Office?
"A bunch of Turkish/Greek/Russian/American rootkit/malware pushers developing covert mass surveillance software for the Home Office?"
Not quite. This seems like a business that works *regardless* of what people do.
The sort of "brilliant" scheme Kent no doubt kicks himself for not thinking of himself.
> Hackers sponsored by the Chinese government and other nations are
> collaborating with profit-driven malware gangs
As soon as I read that, all I could think of was Lois Griffin saying "Hitler... is plotting... with, with the Legion of Doom... to assassinate Jesus".
We can be truly proud of ourselves, this and day-glo moggies, what a brilliant week for humanity!
"Monkeys with technology,
Barely out of the caves and the trees."
Most of these bot nets are out of jurisdiction but do they still shoot you for treason?
If a "broker" or a herder were found out and this botnet was used to compromise government security, i.e. get spies and whistleblowers killed, shouldn't these people pay the ultimate price as a deterrent?
I'm sure the PRC does it this way.
Connection not established
Wermud and the trojan in the VirusTotal link above (a Chinese DDoS bot known as Azvhan) both draw part of their code from the public Gh0st source code base. I'm not seeing how public code reuse implies cooperation between criminal botmasters and Chinese cyber-espionage units. Is there an actual report with details of this APT <-> criminal botmaster connection published somewhere?
I would think that a common attack vector would actually be home PCs.
Spook IDs mid-level bureaucrats and their family. Query the bot-herders; if they don't have them, then, if the family has teenagers, compromise their home systems via that vector (Facebook friends offering cute apps, music, porn downloads).
Enough kids leads to infections on USB sticks, breaking into roving laptops, which are always getting viruses. Access to that data, then perhaps something useful in the corporate environment. It would simply be a numbers game. Easier than cold calling people.
Why do I think it's happening that way? Oh, just the odd bureaucrat's kid somehow having his web traffic proxied by Taiwan and China.
Nope, I've never seen that route in any case I've seen details of... and I've seen more than a few.
It's direct attacks on corporate workstations with spear-phishing emails. Compromised workstation opens up a command and control channel to attacker-controlled server(s) and then the fun begins.