Researchers have pointed the finger at Chinese intelligence officers, blaming them for nearly a decade’s worth of network intrusions that used advanced malware to infiltrate software companies in the US, Europe, Russia and elsewhere.
According to a 49-page report published Thursday, the hackers used phishing emails as recently as March in a campaign to target Gmail and Office 365 accounts. They made serious operational security errors in the process and revealed key information about their possible location and their targets.
The blame has been laid at the doorstep of the Winnti Umbrella, a Chinese government intelligence framework that has reportedly been carrying out attacks since at least 2009 and possibly as far back as 2007. Kaspersky Lab researchers reported in 2013 that hackers used computers with Korean and Chinese language configurations to operate and deploy a backdoor malware dubbed Winnti, infecting over 30 online video game firms over the preceding four years. The attackers obtained digital certificates through unauthorized access, later exploiting them to sign malware used in campaigns targeting political activists and other industries.
“The purpose of this report is to make public previously unreported links that exist between a number of Chinese state intelligence operations,” ProtectWise researchers wrote in the report. “These operations and the groups that perform them are all linked to the Winnti Umbrella and operate under the Chinese state intelligence apparatus.”
The groups hacked smaller organizations in the technology and gaming industries before using their code-signing signatures to compromise their main targets, most of whom were political.
Another campaign that ran for eight days starting March 20 this year used Google’s link-shortening service goo.gl, enabling researchers to use the service to source key stats and details. The link was created weeks before the campaign went live and showed that the random phishing link had been clicked a total of 56 times in countries including Japan, the United States, India and Russia.