FireEye, a security firm based in the US, has found a new kind of malware that targets mass media. The malware was first spotted in Hong Kong, where it had been targeting smaller media agencies. The main targets were newspapers, radio stations, and TV studios.
The Malware Comes from Dropbox Accounts
The firm was able to trace the malware back to a series of Dropbox accounts. The group behind it, which operates under the name admin@338, is rumored to have ties to the Chinese government. It has been targeting international organizations in the financial, economic and trade policy sectors, and it has used spear-phishing campaigns before to infect users with RATs, or Remote Access Trojans. Its latest attack, as observed by FireEye, is against media agencies that supported the protests that happened in Hong Kong last year.
admin@338 often sends Word documents attached to emails addressed to its targets. These emails discuss anti-Chinese and pro-democracy topics, and the documents exploit CVE-2012-0158, a Microsoft Office bug that lets the hackers install LOWBALL malware onto the targets’ computers. The latest attack had an added twist: the command-and-control (C&C) server was inside a Dropbox account and not elsewhere on the net. FireEye and Dropbox then worked together to get to the bottom of this series of cyber security threats. There are over 50 accounts currently in danger of these attacks.
What Does this Mean for Terrorist Groups?
Terrorist factions like ISIS might take advantage of this information, spreading anti-jihadist propaganda to lure users into the trap and then infect their machines with malware. While it is not ISIS’s usual approach, the world is zeroing in on the group. It’s possible that the organization will do everything it can to spread its extremist messages and put those who don’t share its faith in danger. Hopefully, FireEye, Dropbox, and other firms can come together against these cyber security threats.