Hackers Created Fake News Sites in Attempt to Phish Reporters Covering China

Researchers at Citizen Lab have unearthed a broad campaign aimed at infiltrating Chinese language news sites after discovering a phishing campaign targeting journalists at the US-based China Digital Times. Digital espionage operations targeting news organizations have become commonplace with numerous attacks traced to China-based operators. In 2013, for example, The New York Times reported persistent intrusion attempts by Chinese hackers over a four-month period targeting staffers’ email accounts.
Likewise, The Washington Post reported that hackers gained access to Post employees’ user names and passwords. The hackers appear to have been tasked with uncovering the efforts of reporters covering stories in China.
Citizen Lab was called to examine an intrusion attempt at the California-based China Digital Times after a reporter there received a suspicious email from an apparent source offering “insider information.” The email contained a link to what appeared to be a China Digital Times article, which diverted the reporter to a fake WordPress login screen. Researchers later examined the server used to host the fake login page and discovered several other fake domains registered to the same entity. In fact, the hackers were attempting to mimic a slew of publications reporting on China, including The Epoch Times, Bowen Press, and Mingjing News. In some cases, the content of an entire site was copied to complete the illusion.
Inevitably, reporters presented with links to the fake sites were prompted to supply logins to the content management system; if the ruse worked, the hackers would acquire credentials to the actual news site and, potentially, access to drafts or other materials related to upcoming stories. “Our analysis shows that the operators are using the fake domains for at least three different purposes: reconnaissance, phishing, and malware,” Citizen Lab reports. Two servers were found to be associated with the hackers’ efforts. One was used for reconnaissance—to assess what sorts of upcoming stories might be published—as well as to launch phishing attempts, as described above. A second server was dedicated solely to serving malware operations. Citizen Lab identified malware contained on the second server as NetWire, a remote access trojan (RAT) which has been around since at least 2.
The payload was disguised as an “Adobe update” and contained software designed to obfuscate its source code. NetWire RAT has a wide range of capabilities. It can read usernames and passwords stored by web browsers, log keystrokes, capture screenshots and audio, and even upload and download files without the users’ knowledge. The domain information tied to the fake version of China Digital Times has also been linked to past campaigns targeting Tibetan Radio Station and the Thai Government, though this does not mean definitively that the attacks were carried out by the same actors. Ostensibly, this could be a case of separate actors using shared resources.