Information Security News mailing list archives

Sleuths Trace New Zero-Day Attacks to Hackers Who Hit Google


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 10 Sep 2012 02:06:55 -0500 (CDT)

http://www.wired.com/threatlevel/2012/09/google-hacker-gang-returns/

By Kim Zetter
Threat Level
Wired.com
09.07.12

It’s been more than two years since Google broke corporate protocol by revealing that it had been the victim of a persistent and sophisticated hack, traced to intruders in China that the company all but said were working for the government.

And it turns out the hacker gang that hit the search giant hasn’t been resting on its reputation; it’s been busy targeting other companies and organizations, using some of the same methods of attack, as well as a remarkable menu of valuable zero-day vulnerabilities. The attackers used at least eight zero-days in the last three years, including ones that targeted the ubiquitous software plugin Flash and Microsoft’s popular IE browser.

Researchers at Symantec traced the group’s work after finding a number of similarities between the Google attack code and methods and those used against other companies and organizations over the last few years.

The researchers, who describe their findings in a report published Friday, say the gang -- which they have dubbed the “Elderwood gang” based on the name of a parameter used in the attack codes -- appears to have breached more than 1,000 computers in companies spread throughout several sectors -- including defense, shipping, oil and gas, financial, technology and ISPs. The group has also targeted non-governmental organizations, particularly ones connected to human rights activities related to Tibet and China.

[...]
