IT security company FireEye has released results of research into a recent campaign targeting Hong Kong-based media organizations, carried out by a Chinese cyber threat group the company refers to as “admin@338”.
According to the US-based company, in August 2015 the group sent spear phishing emails about newsworthy developments, with malicious attachments, to Hong Kong-based media organizations, including newspapers, radio, and television outlets.
FireEye Asia-Pacific chief technology officer, Bryce Boland, said journalists in Asia are routinely subject to targeted cyber attacks.
“They are dependent on information from many different sources, which makes them easy to target. The information journalists have and the identity of their sources can be valuable intelligence. Without adequate technological defences, they make easy victims,” he said.
The group used malware called LOWBALL, which abuses the Dropbox cloud storage service for command and control purposes. FireEye said its researchers alerted Dropbox to the group’s activities and the cloud storage provider blocked the access token used by LOWBALL. The security firm claimed this disrupted the group’s command and control capabilities in all observed versions of the malware.
FireEye claimed it observed targeted attacks by multiple Chinese threat groups on journalists at international and domestic media organizations in Asia. These attacks have often focused on Hong Kong-based media, particularly those that publish pro-democracy material. Journalists located in Taiwan, Southeast Asia, and elsewhere in the region have also been targeted.
FireEye said it has tracked admin@338’s activity since 2013 and the group has largely targeted organizations involved in financial, economic, and trade policy. The company first observed the group targeting media outlets in April 2015.
The group’s previous activities against financial and policy organizations have largely focused on spear phishing emails written in English, destined for Western audiences. FireEye said this campaign was directed at those who read the traditional Chinese script commonly used in Hong Kong.
This story, "Chinese cybercriminals found targeting journalists in Asia," was originally published by ARNnet.