[ISN] Researchers unearth more Chinese links to defense contractor attacks

From: InfoSec News <alerts_at_private>
Date: Mon, 30 Jan 2012 00:24:07 -0600 (CST)

By Gregg Keizer
January 27, 2012

Researchers with Symantec have uncovered additional clues that point to 
Chinese hacker involvement in attacks against a large number of Western 
companies, including major U.S. defense contractors.

The attacks use malicious PDF documents that exploit an Adobe Reader bug 
patched last month to infect Windows PCs with "Sykipot," a 
general-purpose backdoor Trojan horse.

According to findings published Thursday by Symantec's research team, a 
"staging server" used by the attackers is based in the Beijing area, and 
is hosted by one of the country's largest Internet service providers, or 

Symantec did not identify the ISP.

The staging server stores new files, many of them malformed PDFs, that 
are used to infect machines. Symantec found more than 100 malicious 
files on the server; many had been used in Sykipot campaigns.


Received on Sun Jan 29 2012 - 22:24:07 PST
