Menu
Chinese hacker group behind New York Times attack returns with updated tools

Chinese hacker group behind New York Times attack returns with updated tools

The APT 12 hacker group has updated its malware programs to evade network-level detection, researchers from FireEye said

The Chinese hacker group that broke into the computer network of The New York Times and other high-profile organizations, including defense contractors, has launched new attacks following a few months of inactivity, according to researchers from security vendor FireEye.

The cyberespionage group is known as APT 12 (Advanced Persistent Threat number 12) and is believed to have ties to China's People's Liberation Army (PLA).

APT 12 is back after a period of silence following widespread media coverage in January of The New York Times security breach and reports revealing the group's methods and operations, FireEye researchers said Monday in a blog post.

"We observed new activity from this group in early May 2013," said Ned Moran, senior malware researcher at FireEye, via email. "We are almost certain that these new attacks were conducted by the same group."

The attacks used new variants of Backdoor.APT.Aumlib and Backdoor.APT.Ixeshe, malware programs previously associated with APT 12, as well as command and control infrastructure attributed to the group, Moran said.

The new Aumlib version was used to target an organization that helps shape international finance and economic policy, while the new Ixeshe variant was used in attacks against entities in Taiwan, according to the FireEye researchers. The targeted organizations were not named.

The APT 12 group made changes to the network communication protocols in its malware tools so that the traffic patterns they generate differ from those of older versions.

This was done in order to evade detection by intrusion detection systems, Moran said. The FireEye blog post includes details about the traffic changes that will help companies create new signatures for their detection tools, he said.

It's possible that there are ongoing attacks using these updated Aumlib and Ixeshe versions, Moran said. "We recommend that companies ensure that their detection tools are able to identify these new variants."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwarefirewallsspywareintrusionFireEyeDesktop securityMandiant

Featured

Slideshows

Reseller News Platinum Club celebrates leading partners in 2019

Reseller News Platinum Club celebrates leading partners in 2019

The leading players of the New Zealand channel came together to celebrate a year of achievement at the annual Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months.

Reseller News Platinum Club celebrates leading partners in 2019
Reseller News hosts alumnae breakfast for Women in ICT Awards

Reseller News hosts alumnae breakfast for Women in ICT Awards

Reseller News hosted its second annual alumnae breakfast for the Women in ICT Awards in New Zealand, designed to showcase the leading female leaders in the industry. Held at The Cordis in Auckland, attendees came together to hear inspiring keynotes and panel discussions, alongside high-level networking among peers. Photos by Gino Demeer.

Reseller News hosts alumnae breakfast for Women in ICT Awards
Reseller News Innovation Awards 2019: meet the winners

Reseller News Innovation Awards 2019: meet the winners

Reseller News honoured the standout players of the New Zealand channel in front of more than 480 technology leaders in Auckland on 23 October, recognising the achievements of top partners, emerging entrants and innovative start-ups.

Reseller News Innovation Awards 2019: meet the winners
Show Comments