Microsoft has taken steps to stop a China-based hacking group from using its TechNet website as part of its attack infrastructure, according to security vendor FireEye.
The group, which FireEye calls APT (advanced persistent threat) 17, is well-known for attacks against defense contractors, law firms, U.S. government agencies and technology and mining companies.
TechNet is highly trafficked website that has technical documentation for Microsoft products. It also has a large forum, where users can leave comments and ask questions.
APT17—nicknamed DeputyDog—created accounts on TechNet and then left comments on certain pages. Those comments contained the name of an encoded domain, which computers infected by the group’s malware were instructed to contact.
The encoded domain then referred the victim’s computer to a command-and-control server that was part of APT17’s infrastructure, said Bryce Boland, FireEye’s chief technology officer for Asia-Pacific.
Read the Full Article: Source – PC World
http://www.pcworld.com/article/2922612/chinabased-hackers-used-microsofts-technet-for-attacks.html
Leave a Reply
You must be logged in to post a comment.