These 175 phishing messages were received over the course of 18 months by one recipient, who also happens to be a former Taiwan government official and an expert on China. The recent exploits used are mostly CVE-2010-3333 and CVE-2011-0611 and CVE-2010-2883 but you will find a good variety, as well as a lot of RAR files with RTLO and exe. The senders and the recipient are in Asia so these document give you a good idea about the phishing landscape there (in many ways it is similar to what you see in USA, for understandable reasons).

There might be a few documents that are not malicious, esp. image files.

The first folder inside zip contains files named as DATERECEIVED_NAME.EXT and the second has the same files named DATERECEIVED_SENDERADDR_SUBJECT_NAME.EXT.

For the full article, see here.

Chinese regulators, often criticized both in and outside of China for manipulating public opinion by interfering with the flow of information online, have shut down 6,600 websites in their efforts to clamp down on “illegal public relations deals” that employ similar tactics for commercial gain.

According to state-run newspaper China Daily, telecommunications authorities shut the websites down as part of a campaign against bad public relations practices launched in April by the State Internet Information Office, recently set up to oversee Internet regulation, and several other government agencies.

The websites involved “illegal groups which claimed to specialize in deleting online news stories and posts with negative influences or hiring other netizens to spread certain kinds of information or opinions on the Internet” for deals totaling more than 1.13 million yuan ($177,000).

For the full article, see here.

Chinese computer hackers, some linked to the military, engaged in an aggressive international campaign of electronic espionage through the Internet from 2003 through at least 2009, according to documents obtained by Inside the Ring.

The electronic spying campaign targeted large amounts of data and information from U.S. government and private sector networks, as well as from the French and German governments, other states and international organizations.

The documents, labeled “secret,” provide some of the first details to be made public on Chinese cyberspying and reveal a U.S. government program to monitor and halt the activity that was code-named “Byzantine Hades.”

The disclosure is the first official U.S. government report linking global computer hacking to China’s military.

For the full article, see here.

The advanced persistent threat (APT) attackers behind the newly revealed Operation Shady RAT also deployed a tool called HTran that helps disguise their location.

Joe Stewart, director of malware research for Dell SecureWorks’ counter threat unit research team, has been studying some 60 different families of malware used by APT attackers in their cyberespionage attacks. He recently discovered a pattern in which many of these attackers use HTran, written 10 years ago by a Chinese hacker, to hide their whereabouts. Stewart, who published research on the tool’s use today in APT malware, says the Operation Shady RAT attackers are among those who use the tool for camouflaging purposes.

McAfee today unmasked an APT-type attack campaign that has been ongoing worldwide for five years; the attack has stolen intellectual property from 70 government agencies, international corporations, nonprofits, and others in 14 countries.

For the full article, see here.

South Korea has blamed Chinese hackers for stealing data from 35 million accounts on a popular social network.

The attacks were directed at the Cyworld website as well as the Nate web portal, both run by SK Communications.

Hackers are believed to have stolen phone numbers, email addresses, names and encrypted information about the sites’ many millions of members.

It follows a series of recent cyber attacks directed at South Korea’s government and financial firms.

Details of the breach were revealed by the Korean Communications Commission.

It claimed to have traced the source of the incursion back to computer IP addresses based in China.

…

For full original article, see here

The Indian government is teaming up with Chinese tech giant Huawei to search imported smartphones and communications devices for signs of malware and spyware. However, some Indians are nervous because of Huawei’s close ties to the People’s Liberation Army and fear that the firm could be complicit in cyberattacks.

One journalist, Joji Thomas Philip of India’s Economic Times, calls it “rather like letting the fox in to guard the henhouse.”

Huawei recently opened a research lab at Bangalore’s Indian Institute of Science that will be expanded shortly. But opening a joint Indian-Chinese cybersecurity lab also presents problems for Huawei. The mobile-phone provider, which was named one of Fast Company’s Most Innovative Companies of 2010, will be operating in an environment where it will be easy for Indians to observe Huawei’s techniques and corporate goings-on.

The lab was reportedly opened by request of Indian intelligence services, who fear that foreign governments and corporations could use mobile-phone technology for espionage purposes. The lab’s tender requires it to test all imported mobile phones and handsets and equipment for built-in spyware and malware. It is not clear if the laboratory will also be involved in the testing of smartphone applications and for-purchase software for conventional mobile phones.

…

For full original article, see here

The flood of news of breaches against high profile organizations that Ron Deibert has dubbed Breachfest 2011 remains in full force. Last week, LulzSec broke into the U.S. Senate’s computer network and released files while publicly stating, “We don’t like the U.S. government very much,” adding, “This is a small, just-for-kicks release of some internal data from Senate.gov—is this an act of war, gentlemen?” The group also claimed responsibility for a distributed denial of service (DDoS) attack against the CIA’s public Web site and released 62,000 email and password combinations from an unknown source.

Rafal Rohozinski contends that the rise of political as opposed to profit-driven breaches is an indication of the “digital-native generation” flexing its muscles—expressing its political views and social values via online activism—that “hacking is a nascent form of politics”:

You’ve got this new generation of digital natives, generally people between the ages of 14 to 25, who have grown up with this technology. That generation is coming of age, so to speak, in terms of having political views, social values, and the way they’re starting to express that is through online activism.”

For instance, it is understood that Lulzsec defaced the PBS website in reaction to the PBS documentary “WikiSecrets.” A few weeks ago, Anonymous declared action against the IMF, in protest against the austerity measures demanded by the country’s IMF bailout and amid call from within the country for protests and a general strike on June 15th. On Monday, the two groups announced that they were going to join forces under the “AntiSec” banner under Operation Anti-Security to expose and oppose security profiteers and government intervention in cyberspace, through tactics such as DDoS attacks and gathering and leaking classified information from banks, high profile establishments, and governments. On Monday, the group launched a DDoS attack against the British Serious Organized Crime Agency, forcing it to take its site offline.

Last week, politically-motivated DDoS attacks were launched against the Web site of Belarusian President Alexander Lukashenko—organizers of the mass DDoS action announced it as a protest against the President for “pissing away such a country.” Meanwhile, the Syrian Electronic Army apparently motivated by patriotic sentiments continues to deface foreign Web sites. Last week, protests in Hanoi and Ho Chi Minh city over China-Vietnamese territorial dispute over the South China Sea spilled over into the cyberspace as hackers from both countries attacked and defaced each others national Web sites, including government portals. Yesterday, a Brazilian “unit” of Lulzsec launched cyber attacks on the Web site of the Brazilian Presidency, rendering the Web site inaccessible. It also launched an attack against the Web site of the oil company, Petrobras, claiming, “Wake up Brazil! We no longer want to buy gas at 2.75 to 2.78 reals ($1.73 to $1.75) and export for half of that price!”

As Ron Deibert has pointed out, the culmination of recent online attacks—including, the high profile attacks on the IMF—has had the effect of forcing people and governments to seriously start thinking about the lack of proper security in the Internet’s infrastructure. It has been reported that companies are now taking out cyber insurance worth hundreds of millions of dollars, while cybersecurity companies are slated to be a key focal point on Wall Street. Meanwhile, in the US, the National Security Agency is now actively working with Internet carriers (AT&T, Verizon and Century Link) to deploy new tools which will scan emails and online traffic in order to prevent cyberattacks against 15 defense firms, including the recently breached Lockheed Martin, and Northrop Grumman. As this Washington Post article points out, the pilot program has been praised as an “elegant solution” to the ongoing problem of how to use the agency’s expertise while avoiding domestic government surveillance on private Internet traffic.

Nonetheless, Deibert remains concerned that in attempting to manage online threats, governments may take the wrong approach—through building borders and asserting control by cracking down on anonymity and blocking access.

There is no cyber warfare taking place between China and the United States, a senior Chinese official said on Wednesday, after weeks of friction over accusations that China may have launched a string of Internet hacking attacks.

The two countries might suffer from cyber attacks, but they were in no way directed by either government, Vice Foreign Minister Cui Tiankai told a small group of foreign reporters ahead of a meeting with U.S. officials in Hawaii this weekend.

“I want to clear something up: there are no contradictions between China and the United States” on the issue of hacking, Cui said.

“Though hackers attack the U.S. Internet and China’s Internet, I believe they do not represent any country,” he added.

Both countries were in fact already discussing the problem of hacking during their regular strategic consultations, Cui said.

“The international community ought to come up with some rules to prevent this misuse of advanced technology,” he added.

…

For full original article, see here

The United States and China need to reach an agreement to restrict cyber attacks and designate some areas as off limits to hacking, two former senior U.S. officials said on Tuesday.

Henry Kissinger, an architect of the opening of U.S. relations with China in the 1970s, told a Thomson Reuters event that Washington and Beijing both had significant espionage capabilities and the key was finding a way to discuss them.

Jon Huntsman, the former U.S. ambassador to China, likened raising cyber attacks with Beijing to the challenge of discussing missile defense and the military use of space — issues that are also highly sensitive to the Chinese.

“At some point, we are going to have to develop a context in which we can actually discuss this and, I would think, draw some red lines around areas that we don’t want them into and they might not want us into,” said Huntsman, who left China in April to plan his presidential election campaign, and was speaking at the same event.

Their calls for a cyber detente follow a blitz of hacking attacks on major U.S.-based institutions in recent weeks, including the International Monetary Fund, the Senate, and companies such as Citigroup and Lockheed Martin.

…

For full original article, see here

Computer hackers from Vietnam and China have attacked websites including portals run by each other’s governments, amid a sea-border row.

The hackers replaced content on the sites with abuse and national symbols.

Vietnam’s Prime Minister Nguyen Tan Dung said his country’s claims to territory in the South China Sea were incontestable.

Chinese officials later warned other Asian nations to halt exploration for minerals in the area.

Both sides claim ownership of islands in the South China Sea.

The Philippines, Malaysia, Brunei and Taiwan also have rival claims in the area.

…

For full original article, see here