Re: Now the Chinese Are Hacking Us Through Our Limos

[InfoSec News <alerts () infosecnews org>]

Forwarded from: security curmudgeon <jericho (at) attrition.org>

"Us"? Or just Mandiant for very obvious reasons...

On Tue, 15 Oct 2013, InfoSec News wrote:

: 
http://killerapps.foreignpolicy.com/posts/2013/10/11/always_watching_how_chinese_hackers_combine_old_and_new_espionage_tactics
:
: By John Reed
: Foreign Policy
: October 14, 2013
:
: Kevin Mandia, CEO of the cybersecurity company Mandiant, takes a lot of limo
: rides. Normally, his limo company emails him PDF copies of his invoices after
: every trip. Recently, though, something changed.
:
: "I've been receiving PDF invoices not from them, but from an [advanced
: hacking] group back in China; that's awesome," said Mandia in D.C. recently.
: He only caught the attack when the hackers sent receipts on days when he
: hadn't used the car service. "I forwarded them to our security service, and
: they said, 'Yup, that's got a [malicious] payload.'"
:
: Emailing a malicious file from a fake or hijacked email account belonging to
: the acquaintance of a hacker's target is a famous cyber-espionage tactic
: called spearphishing.
:
: Hackers often search Google or social media to find the names of their
: target's friends and co-workers. They then create a fake email address in the
: name of a friend or coworker and fire off carefully written emails containing
: malware to their target.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/