Information Security News mailing list archives

Franchising The Chinese APT


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 12 Sep 2014 05:04:33 +0000 (UTC)

http://www.darkreading.com/vulnerabilities---threats/advanced-threats/franchising-the-chinese-apt/d/d-id/1315660

By Kelly Jackson Higgins
Dark Reading
9/11/2014

Two Chinese cyber espionage gangs known for targeting very different industries and working out of different regions of the nation actually use some of the same or similar tactics, tools, and resources in their spying operations, researchers found.

Such collaboration and resource sharing has not typically been the MO among Chinese cyber espionage groups, and this could indicate an evolution in the nation's cyberspying operations toward more organized, streamlined, and cooperative operations, according to FireEye, which studied the inner workings of the groups.

"They use similar malware implants, backend infrastructure, and similar social engineering techniques. But they are distinct based on their mission focus and locations," says Thoufique Haq, senior research scientist at FireEye. "It's quite possible they are subgroups with their own mission focus."

The so-called Moafee gang, which targets military and government entities such as the US defense industry, and the DragonOK gang, which targets high-tech and manufacturing companies in Japan and Taiwan, operate out of different regions in China and constitute separate groups, researchers say. Moafee appears to operate out of Guangdong Province, and DragonOK appears to operate out of Jiangsu Province.

[...]


