Military Contractors Targeted in Chinese Attacks, Says F-Secure
A security vendor reports that internal systems of U.S. defense contractors have been targeted by hackers believed based in China.
Wed, January 20, 2010
Computerworld — The targeted cyberattacks apparently originating in China that hit Google and more than 30 other companies late last year are now targeting some U.S. defense contractors, according to security vendor F-Secure.
In a blog post this week, F-Secure Chief Research Officer Mikko Hypponen said the company has learned of instances where malicious PDF files were e-mailed to U.S. defense contractors last week. The PDF file was designed to look like an official Department of Defense document and contained information about a real Mission Planning User Conference to be held in Las Vegas in March, he aqdded.
A screen shot of the document pasted onto the F-Secure blog shows a very authentic-looking Air Force written Memorandum for Mission Planning International Community.
Opening the PDF document using Adobe (ADBE) Reader allows hackers to exploit a previously disclosed vulnerability in the doc.media.newPlayer function of the reader to install a backdoor on the user's system, Hypponen said. The backdoor connects to an IP address located in Taiwan. "Anybody who controls that IP will gain access to the infected computer and the company network," Hyponnen wrote.
The blog post did not say how many contractors were targeted with e-mails containing the poisoned PDF files, but noted that they were more recent than the attacks on Google (GOOG) and others. "While the 'Aurora' attacks against Google and others happened in December 2009, this happened just last week," he wrote.
On the surface at least, the attacks described by F-Secure appear to be similar to attacks last month on Indian government agencies and the country's National Security Advisor that were also said to originate in China. The Dec. 15 attacks also involved corrupted PDF files being e-mailed to targeted individuals within these organizations.
News of the attacks against the contractors comes in the wake of Google's bombshell announcement last week that it had been victimized by targeted attacks that appeared to have originated in China.
The attack on Google -- and more than 30 other technology companies -- last week prompted the U.S. State Department to say it will be lodging a formal complaint seeking an explanation from the Chinese government.
China itself meanwhile has denied any involvement in the alleged cyberattacks and called itself a victim of such hackers.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld . Follow Jaikumar on Twitter at @jaivijayan , send e-mail to firstname.lastname@example.org or subscribe to Jaikumar's RSS feed .