The mid-December wave of targeted attacks from China hit Google, Adobe, and at least 20 other large companies from the Internet, finance, technology, media, and chemical industries with custom-developed malware that was based on zero-day flaws. The attackers acted on behalf of the Chinese government and used a blend of intelligence and spearphishing email messages to lure users within victim companies to open infected documents that appeared to be from people they knew. These attacks show a new level of sophistication in malware as well as a shift from foreign nations attacking US military and defense towards attacking American industry and economy.
This Chinese malware quite often targets intellectual property, financial data, along with the obvious dual-purpose technology (commercial/military). There has been a recent moniker attached to this “collection network,” cited as (GhostNet) on several sites.
This recent discovery of attacks only references the Chinese and does not even address Eastern Europe/Russia. This is one of the greatest reasons SpearTip has staffed our growing team to include Russian, Italian, Farsi, Korean, and Chinese linguists to assist our corporate clients against these emerging threats.
You can find the full text of the source of this analysis at: http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=222300840
- J. Kolthoff