Cyber spies have used Microsoft TechNet to control infected computers. TechNet is a Microsoft portal where IT professionals can find all kinds of information and documentation for Microsoft products. It also has a forum where users can ask questions.
According to the American security company FireEye, a group of cyber spies operating from China used TechNet to control infected computers. Encoded IP addresses were hidden in forum topics and sections. The infected computers connected to TechNet and could read from it the IP address to which they then had to connect.
This makes it difficult for network administrators to detect an infection or to figure out the actual location of the Command & Control server that controls the infected computers. FireEye notes that TechNet itself has not been hacked; the information was simply placed on a public forum. Malware has been using well-known websites such as Twitter, Evernote and Dropbox in this way for some time.
After FireEye and Microsoft had discovered the attackers' tactic, the IP addresses in the forum topics and sections were replaced with IP addresses of American companies. In addition, the forum accounts were locked so that the cyber spies could not change the modified IP addresses. In this way FireEye and Microsoft could identify the victims of the spying campaign. The security company did not say how many organizations fell victim to this group or how they were infected.
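A defender-side heuristic for the lookup pattern described above, as an added example that is not from FireEye, Microsoft or the original article: flag a host that fetches a watched public page and shortly afterwards connects to an IP address it never obtained from DNS. The event format, host names, domain, addresses and time window are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not from the FireEye report):
# (epoch_seconds, host, kind, value)
#   "http" = domain requested through the proxy
#   "dns"  = IP address returned to the host in a DNS answer
#   "conn" = outbound connection to a destination IP
SAMPLE_EVENTS = [
    (1000, "ws-01", "dns", "198.51.100.10"),
    (1001, "ws-01", "http", "forum.example.com"),
    (1002, "ws-01", "conn", "198.51.100.10"),   # resolved via DNS: normal
    (1020, "ws-01", "conn", "203.0.113.77"),    # never resolved: candidate
    (2000, "ws-02", "dns", "198.51.100.10"),
    (2001, "ws-02", "http", "forum.example.com"),
    (2002, "ws-02", "conn", "198.51.100.10"),
    (5000, "ws-02", "conn", "203.0.113.99"),    # unresolved, but outside window
]

def find_dead_drop_candidates(events, lookup_domains, window=120):
    """Return (host, domain, ip) for connections to IPs the host never got
    from DNS, made within `window` seconds after fetching a watched page."""
    resolved = defaultdict(set)   # host -> IPs seen in DNS answers
    last_fetch = {}               # host -> (time, domain) of latest watched fetch
    hits = []
    for ts, host, kind, value in sorted(events):
        if kind == "dns":
            resolved[host].add(value)
        elif kind == "http" and value in lookup_domains:
            last_fetch[host] = (ts, value)
        elif kind == "conn" and value not in resolved[host]:
            fetch = last_fetch.get(host)
            if fetch and 0 <= ts - fetch[0] <= window:
                hits.append((host, fetch[1], value))
    return hits

if __name__ == "__main__":
    for hit in find_dead_drop_candidates(SAMPLE_EVENTS, {"forum.example.com"}):
        print(hit)
```

The result is a list of leads to triage, since legitimate software also connects to hard-coded addresses; the window and the set of watched domains need tuning per environment.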