Menu
Chinese hacker group behind New York Times attack returns with updated tools

Chinese hacker group behind New York Times attack returns with updated tools

The APT 12 hacker group has updated its malware programs to evade network-level detection, researchers from FireEye said

The Chinese hacker group that broke into the computer network of The New York Times and other high-profile organizations, including defense contractors, has launched new attacks following a few months of inactivity, according to researchers from security vendor FireEye.

The cyberespionage group is known as APT 12 (Advanced Persistent Threat number 12) and is believed to have ties to China's People's Liberation Army (PLA).

APT 12 is back after a period of silence following widespread media coverage in January of The New York Times security breach and reports revealing the group's methods and operations, FireEye researchers said Monday in a blog post.

"We observed new activity from this group in early May 2013," said Ned Moran, senior malware researcher at FireEye, via email. "We are almost certain that these new attacks were conducted by the same group."

The attacks used new variants of Backdoor.APT.Aumlib and Backdoor.APT.Ixeshe, malware programs previously associated with APT 12, as well as command and control infrastructure attributed to the group, Moran said.

The new Aumlib version was used to target an organization that helps shape international finance and economic policy, while the new Ixeshe variant was used in attacks against entities in Taiwan, according to the FireEye researchers. The targeted organizations were not named.

The APT 12 group made changes to the network communication protocols in its malware tools so that the traffic patterns they generate differ from those of older versions.

This was done in order to evade detection by intrusion detection systems, Moran said. The FireEye blog post includes details about the traffic changes that will help companies create new signatures for their detection tools, he said.

It's possible that there are ongoing attacks using these updated Aumlib and Ixeshe versions, Moran said. "We recommend that companies ensure that their detection tools are able to identify these new variants."


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags firewallsintrusionsecurityFireEyeDesktop securityMandiantspywaremalware

Featured

Slideshows

A snapshot of the Kiwi partners set to shine at the Reseller News Awards

A snapshot of the Kiwi partners set to shine at the Reseller News Awards

With the 2017 Reseller News ICT Industry Awards only weeks away, Reseller News profiles the power line-up of partners set to dominate the biggest night on the channel calendar. ​Ranging from the enterprise, down through the mid-market and small business sectors into the heart of the start-up scene, the end result is the most diverse and wide-ranging partner line-up in the history of the Awards, playing host to the leading innovators of the past 12 months.​

A snapshot of the Kiwi partners set to shine at the Reseller News Awards
Channel celebrates as HP marks 50 years in NZ

Channel celebrates as HP marks 50 years in NZ

HP marked 50 years in New Zealand at an event in the vendor's Auckland's headquarters last night, with a host of key channel figures coming along to celebrate. Photos by HP.

Channel celebrates as HP marks 50 years in NZ
Show Comments