Japan VS China Jinan Cyber War Attacks
Seculert malware researchers have recently uncovered Chinese malware directed at the Japanese government, specifically a spear-phishing threat, that traces to the same geographical location from which the recent Google attacks were deployed. This highly targeted malware was definitely from China. It was back-traced to the region that's believed to be the origin of the Project Aurora assault as well. The modus operandi is the same (a spear-phishing campaign using infected PDFs), so it's not a stretch of the imagination to believe that Project Aurora and these attacks on Japanese government websites were carried out by the same person or the same hacker group.
According to Seculert CTO Aviv Raff, aside from having the same MO, the PDF-based spear-phishing attack was also found to report back to a Chinese IP address at the same site as the aforementioned Project Aurora attacks. Raff suspects this is just the initial part of a major hack attack. At first, it was believed that a Korean location was the origin of the malware, because some of the samples that communicated with Japanese government websites were reporting back to Korea. Nevertheless, the IP address 188.8.131.52, which originates from the Shandong Province capital of Jinan in China, was also contacted by the malware sample.
This is a huge break in this cybercrime case because an irrefutable connection has finally been established between one long-running cyber attack and another. It was only after the malicious software connected to the new server that it would try to acquire a new payload, which suggests that the Chinese IP truly is the location where the mastermind of this cyber attack is hiding. Raff also claims that the exploit took advantage of the recently patched Java vulnerability previously reported in the article "Purloined Certificate Included Malicious Java Software". It also arrived via the classic hacker "email attachment" method of delivery.
Jinan is believed to be Vice City Central when it comes to Chinese cybercrime, particularly when it comes to attacks using the spear-phishing method. Then again, Jinan (the place) shouldn't be held responsible for the cybercrimes committed by those headquartered in the Shandong Province capital. The people who should be blamed are the gang of mischievous pranksters out to hack China's most traditional enemies, the United States and Japan. The region's hackers even had the gumption and moxie to target Google and other e-businesses in order to complete their mysterious Project Aurora scheme. Google was so affected by the cyber attacks from these online outlaws and virtual villains that it relocated to Hong Kong altogether and pulled out of its headquarters in China.