#AceSocialNews – Featured Report: China:May.15: Chinese hackers have been using Microsoft’s TechNet website to hide malware attack controls used to carry out assaults on all manner of different groups.
Web security firm FireEye reports that the APT (advanced persistent threat) 17 group has been hiding encoded domain names in the comments section of the forum on the popular Microsoft technical documentation site.
The group created accounts to leave the comments and when computers infected by APT17’s malware visited the pages they contacted the domains that then pointed the computers in the direction of a command-and-control server owned by APT17.
“Given its effectiveness, we anticipate that this encoding and obfuscation will become a truly pervasive tactic adopted by threat actors around the world. However, by working closely with companies like Microsoft and targeted organisations to develop threat intelligence, we can assist security professionals and disrupt these activities,” said Laura Galante, manager of threat intelligence at FireEye.
Chinese hackers secretly use Microsoft TechNet for malware assault