If you read one story today (besides this one, of course!) it should be The New York Times’ write-up of a just-released, 60-page report (PDF) on a Chinese hacking group known as APT1 by the security firm Mandiant. At a one level, the report doesn’t tell us anything we didn’t already know: APT1 is a professional, hacking crew that operates from within China and with the full knowledge and support of the Chinese Government. Most of us already suspected that. The report is worth reading for the depths of Mandiant’s research into APT \1 and the revelations of just how close the ties are to the Chinese government and, particularly, the People’s Liberation Army (PLA). Specifically: Mandiant is able to parse the findings of around 150 intrusions it has analyzed that are attributable to APT 1 – which is probably some small fraction of all the attacks the group has carried out. […]
Tag: China
Uncle Sam Needs A Plan: GAO Pans Govt. Cybersecurity Efforts in 100 Page Report
There’s been a lot of light and heat in the last week when it comes to the U.S. government and cyber security. After all, President Obama just released his Executive Order on cyber security, which puts an emphasis on identifying and protecting critical infrastructure and, just maybe, pushes the sprawling federal bureaucracy towards better security practices. But a just-released report from the Government Accountability Office (GAO) makes clear that, in the big scheme of things, the Executive Order is just window dressing on the mess that is the Federal Government’s handling of cyber security. The report, GAO-13-187 (PDF), is a round-up and updating of previous reports that studied aspects of federal cyber security as they affect a wide range of federal agencies. The GAO’s conclusion? Uncle Sam has made negligible progress towards improving the security of its information systems, and has little to show in key areas such as responding to […]
Bit9 Defends Response To Hack, Promises More Details
The security firm Bit9 defended its response to a hack of its own network last week and promised to release more information to the public about what happened – just not quite yet. In a blog post dated Saturday, February 9, the company’s CTO, Harry Sverdlove, said that the company responded promptly to the attack and contacted customers as soon as it completed its own investigation of the hack, which allowed unknown assailants to sign malicious programs using a Bit9 code signing server. That malware was subsequently released on networks of Bit9 customers. Sverdlove said the company’s “first and foremost priority was to inform our customers quickly and directly,” and that the company did so “as soon as we understood and had mitigated the attack, and we were able to provide actionable advice.” The blog post by Sverdlove, just a day after a post by Bit9 CEO Patrick Morley that disclosed […]
New Malware Takes ‘Extended Naps’ To Avoid Detection
It’s a truism that even the bleakest circumstances look a bit brighter after a good nap. Well, that wisdom isn’t lost on malware authors either. A newly discovered Trojan Horse program, dubbed Trojan Nap, is programmed to use extended sleep cycles to fool behavior based anti-malware tools, according to a report from the firm FireEye. In a blog post Tuesday, researchers Abhishek Singh and Ali Islam said the new malware has a function, dubbed SleepEx() that can be used to configure long “naps” that the malware takes after it is installed on a compromised system. The default value, 600,000 milliseconds – or 10 minutes – seems designed to fool automated analysis systems that are programmed to capture a sample of behavior for a set time frame. “By executing a sleep call with a long timeout, Nap can prevent an automated analysis system from capturing its malicious behavior,” FireEye said. Like other […]
You’ve Been Hacked By APT! (The Video)
The whole APT – or “Advanced Persistent Threat” – meme has received a lot of attention in the media. This site and others have written about APT-style hacks, such as the recent compromise at The New York Times. But what does an APT hack look like? And what would it mean if you or your employer were in the crosshairs of an APT-type actor? The SANS Institute’s Securing The Human project has put together a nice training video that helps answer some of these questions, and to explain how APT-style attacks work. This is good stuff – explaining the difference between cyber crime and APT, and generic enough that any organization could use it as a training video. SANS says that it will produce one of these a month, and post them on the first of each month. My only criticism here is that, after they do a solid job describing […]
