Security News: Malware Tied to China Spotted Attacking Taiwanese Government Networks

frogboy
A malware campaign is targeting users on specific Taiwanese government network ranges, using compromised websites and networks to install a backdoor malware, a new variant of IXESHE.

Security firm Zscaler dubbed the entire web-based campaign CNACOM, and said that it appears to be related to APT12, a well-known Chinese government-backed actor more commonly associated with spear-phishing attacks.

On November 7, the Zscaler team spotted a malicious injection on the registration page of a major Taiwanese public service website.

“An iframe was injected into the footer of the page, which then loaded a unique landing page containing the CVE-2016-0189 exploit code,” researchers explained in a technical analysis.

When a user visits the compromised website, the infected iFrame sends the user to an attack landing page, where fingerprinting code confirms that the user is on the targeted network. The user's IP address is checked against Taiwanese government network ranges, and if the user is coming from one of nine targeted networks and is using any version of Internet Explorer, exploitation will be attempted.

Vulnerable users are infected with IXESHE, which collects user information like Windows username, hostname, local IP address and Windows version, and then goes on to establish persistence as a back door.

“IXESHE is a family of backdoor malware known to be utilized by an attack group identified by various names including the IXESHE label, APT12, Numbered Panda, and DynCalc,” Zscaler researchers said. “Unlike many historical IXESHE samples, it appears that this variant doesn't utilize campaign codes embedded in the malware itself. This may be due to a more centralized tracking system that only relies on the malware reporting a machine ID.”

Read More: Malware Tied to China Spotted Attacking Taiwanese Government Networks
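A defender-side integrity check for the footer injection described above, added here as an example (it is not Zscaler's or the article's code): it parses a page, records every iframe, and reports those whose src points off-site, noting whether each sits in the footer or is sized or styled to be invisible. The site host "gov.example", the ".invalid" landing host and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate same-origin iframe in the body and
# one zero-size third-party iframe injected into the footer (placeholder hosts).
SAMPLE_HTML = """<html><body>
<h1>Registration</h1>
<iframe src="https://gov.example/widgets/captcha"></iframe>
<div id="footer">(c) 2016 Example Agency<br>
<iframe src="http://landing.attacker-example.invalid/index.html"
        width="0" height="0" style="visibility:hidden"></iframe>
</div></body></html>"""

VOID_TAGS = {"br", "img", "meta", "link", "input", "hr"}  # never get an end tag


class IframeCollector(HTMLParser):
    """Collect every iframe with its src, footer placement and visibility."""

    def __init__(self):
        super().__init__()
        self.stack = []   # one bool per open element: True while inside a footer
        self.frames = []  # dicts with keys src, in_footer, hidden

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        in_footer = bool(self.stack and self.stack[-1]) or tag == "footer" \
            or "footer" in (a.get("id", ""), a.get("class", ""))
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "")
            hidden = (a.get("width") == "0" or a.get("height") == "0"
                      or "hidden" in style or "display:none" in style)
            self.frames.append({"src": a.get("src", ""),
                                "in_footer": in_footer, "hidden": hidden})
        if tag not in VOID_TAGS:
            self.stack.append(in_footer)

    def handle_endtag(self, tag):
        if self.stack:
            self.stack.pop()


def find_injected_iframes(html, site_host):
    """Return iframes whose src host differs from the site's own host."""
    p = IframeCollector()
    p.feed(html)
    p.close()
    findings = []
    for f in p.frames:
        host = urlparse(f["src"]).hostname or site_host  # relative src = same origin
        if host != site_host:
            findings.append(dict(f, host=host))
    return findings


if __name__ == "__main__":
    for f in find_injected_iframes(SAMPLE_HTML, "gov.example"):
        print("off-site iframe:", f)
```

Run it against a known-good copy of the page and again against the live page; a new off-site frame in the footer, especially a zero-size one, is the signal to investigate.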

Axelrod Sven
Without entering into political issues, these are targeted attacks, cyber-war, spy-war, but the word "war" is a common denominator.

Well said! Animosity between China and Taiwan is nothing new... but it looks like China has stolen a march on most (if not all) countries in their world by locking out their internet and putting their fingers in everyone else's. Hmmm. Why won't the US or EU start retaliating yet, I wonder.
