Chinese cybercriminals found targeting journalists in Asia

Chinese cybercriminals found targeting journalists in Asia

Group found to be targeting Hong Kong-based media organisations

IT security company, FireEye, has released results of research into a recent campaign carried out by a Chinese cyber threat group the company referred to as “admin@338” targeting Hong Kong-based media organisations.

According to the US-based company, the group sent spear phishing emails in August 2015 about newsworthy developments with malicious attachments to Hong Kong-based media organisations, including newspapers, radio, and television outlets.

FireEye Asia-Pacific chief technology officer, Bryce Boland, said journalists in Asia are routinely subject to targeted cyber attacks.

“They are dependent on information from many different sources, which makes them easy to target. The information journalists have and the identity of their sources can be valuable intelligence. Without adequate technological defences, they make easy victims,” he said.

The group used malware called LOWBALL which exploits Dropbox for command and control purposes. FireEye said its researchers alerted Dropbox to the group’s activities and the Cloud storage provider blocked the access token used by LOWBALL. The security firm claimed this disrupted the group’s command and control capabilities in all observed versions of the malware.

FireEye claimed it observed targeted attacks by multiple Chinese threat groups on journalists at international and domestic media organisations in Asia. These attacks have often focused on Hong Kong-based media, particularly those that publish pro-democracy material. Journalists located in Taiwan, Southeast Asia, and elsewhere in the region have also been targeted.

FireEye said it has tracked admin@338’s activity since 2013 and the group has largely targeted organisations involved in financial, economic, and trade policy. The company first observed the group targeting media outlets in April 2015.

The group’s previous activities against financial and policy organisations have largely focused on spear phishing emails written in English, destined for Western audiences. FireEye said this campaign was directed at those who read the traditional chinese script commonly used in Hong Kong.

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags LOWBALLFireEyeHong Kongmalwarecybercrime is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments