Tradecraft 101

Posted on March 27, 2008
Filed Under China Hackers, China Internet, Cyberespionage, Malware |

In the wake of recent events in Tibet, a number of non-governmental organizations reported attacks on some of their users. The attacks were quite sophisticated in targeting users and had malware payloads that were missed by most anti-virus tools.

The SANS Internet Storm Center, a group of volunteers who track and report malicious activity on the internet, has an excellent diary entry that breaks down the methodology and tools used by the attackers.

The tradecraft described is essentially the same as any exploit payload attack. However, the description that M. van Horenbeeck, the author, provides of the email sent to entice the target is of a much higher level of effort than is typically seen.

There’s no answer to the RMB64,000 question: who did it? It could be one person, it could be a hacker group, or it could be a governmental organization. Some of the attacks were traced back to China, but others went to servers in the US, South Korea, and Taiwan. There’s no evidence of who did it, where they are from, and what their motivation was.

Rather than speculating I’ll let you pursue the conspiracy theory of your choice.

Comments

• Search for:

• Recent Posts

  • Catching Porn in China
  • Neuter Me This: iPhone China Rumor
  • IPv4 Doomsday: The Gods Themselves
  • Ma Fought the Law and the Pirate Software Manufacturer Won
  • Microsoft: A Stone Pecked by Two Birds
  • IPv6: Start the Doomsday Clock at 830 Days
  • China Mobile & iPhone: Minor Official Makes Timid Prediction
  • Corporate Warfare on the Internet
  • Gov to Web: Happy News it Up
  • Youku User Flagged As Inappropriate
  • The End of Mob Rule on the Internet in China? Hardly
  • Can the iPhone 3G Save TD-SCDMA?
  • Digital China Wants to Watch You
  • Kingsoft Sinks AV Pirates
  • Xiamen: We Don’t Need No Stinking WiFi

• Categories

  Select Category Apparatchiks Beijing Olympics Business Continuity China Business China Distribution China Hackers China Internet China Law China Online Games China SMB Cloud Computing Corruption Cyberespionage GFW Intellectual Property Malware Mobile RFID SaaS Security Software Piracy Uncategorized Wireless Networks

• Companies

  3Com Acer Alibaba AMD Apple Asus Baidu Bain China Mobile China Netcom China Telecom China Unicom Cisco Datang Dell Digital China E-House EMC Founder Gome Google H3C Haier HP Huawei Intel Kaspersky Kingsoft Lenovo Microsoft New China Unicom Nokia Red Flag Rising Sina Skype Sohu Sophos Suning Symantec Taobao Tencent Tippingpoint Yahoo ZTE

• Subscribe via Email

  Enter your email address:

  Delivered by FeedBurner

• Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org
  • • RSS
    • 
    • 
    • 
    • 
    • 
    • 
    • 
    • 
    • 
    • 
    • 
    • 
    • 

• Archives

  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007

• Blogroll

  • Caijing Online
  • China Herald
  • China Law Blog
  • China on Seeking Alpha
  • China Tech News
  • China Web 2.0 Review
  • Danwei
  • Dark Visitor
  • Frog in a Well
  • Ogilvy Digital China Watch
  • Pacific Epoch
  • Silicon Hutong
  • WSJ’s China Journal