FireEye Study: Chinese Hacker Group Uses Obfuscation Method to Target Websites

FireEye has collaborated with Microsoft to analyze an obfuscated command-and-control (C2) tool that attempted to compromise the security of a Microsoft-run information technology community portal.

FireEye said Thursday it determined that the China-based hacker group APT17 employed an obfuscation method to encode C2 communications on the Microsoft TechNet website’s profile pages and forum threads.

Hackers used the online forum to host Internet protocol addresses that would send a Blackcoffee malware program to C2 servers, according to FireEye.

“This latest tactic by APT17 of using websites’ legitimate functionalities to conduct their communications shows just how difficult it is for organizations to detect and prevent advanced threats,” said Laura Galante, manager of FireEye’s threat intelligence group.

According to the company, APT17 has also targeted websites across the defense, IT, mining and legal sectors and used Google and Bing search engines to hide the group’s malicious activity.
