FireEye Study: Chinese Hacker Group Uses Obfuscation Method to Target Websites

FireEye has collaborated with Microsoft to analyze an obfuscated command-and-control (C2) tool that attempted to compromise the security of a Microsoft-run information technology community portal.

FireEye said Thursday it determined that the China-based hacker group APT17 employed an obfuscation method to encode C2 communications on the Microsoft TechNet website’s profile pages and forum threads.

Hackers used the online forum to host Internet protocol addresses that would send a Blackcoffee malware program to C2 servers, according to FireEye.

“This latest tactic by APT17 of using websites' legitimate functionalities to conduct their communications shows just how difficult it is for organizations to detect and prevent advanced threats,” said Laura Galante, manager of FireEye’s threat intelligence group.

According to the company, APT17 has also targeted websites across the defense, IT, mining and legal sectors and used Google and Bing search engines to hide the group’s malicious activity.
