Posted on August 2, 2013
LAS VEGAS — A Beijing-based hacking combine that has broken into hundreds of company networks — and continues to do so with near impunity — may have a tougher go of it from here on out.
That’s because here at the Black Hat Conference researchers from Dell SecureWorks disclosed evidence that helps fingerprint the handiwork of one of the top two cyber espionage gangs operating out of China.
Dell SecureWorks calls them the Beijing Group, so named for the location of the IT infrastructure they use to pull off their hacking campaigns.
The Beijing Group’s quirks and one of their most successful pieces of malicious software, called Comfoo, have been painstakingly fleshed out by Don Jackson and Joe Stewart, veteran researchers at Dell SecureWorks’ Counter Threat Unit, as well as other researchers, over the past 18 months.
Jackson and Stewart told CyberTruth they were taking the uncommon step of sharing these details publicly to help their fellow forensic experts worldwide more easily find and eradicate the Beijing gang’s systemic spying.
“It’s clear that this is an adversarial force with tremendous resources and capabilities,” Jackson says. “They’re responsible for setting up a vast network of listening posts to try to shift the strategic advantage from one party to another.”
The Beijing Group was one of two hacking groups behind the 2010 deep hack of RSA SecurID, in which they stole the keys to decrypting the one-time password tokens sold by RSA and used widely by defense contractors and others to limit access to sensitive accounts and databases.
In fact, this gang is one of two major China-based hacking combines that are widely tracked by security researchers and are known to have infiltrated hundreds of private companies and government organizations in the U.S., Europe and Asia.
Many of the Beijing Group’s capers have been aimed at organizations in Japan, India and South Korea. The attackers target trade organizations, telecommunications firms, think tanks, news media and even audio and videoconferencing manufacturers.
“This is more evidence of ongoing attempts to gather information from sensitive places,” says Stewart. “They are getting into really important networks and monitoring and gathering information over a period of years.”