Hong Kong hacks hacked in democracy protest yap flap
Someone in China casts baited lede hooks into news room feeding frenzy.
Chinese hackers who previously popped Western financial firms are now using Dropbox to target Hong Kong-based journalists, FireEye says.
The group, suspected to be an outfit known as "admin@338", is using the cloud service to host command and control for its infection operations.
Its attacks drop a backdoor payload dubbed Lowball, delivered through an old and since-patched Microsoft Office vulnerability (CVE-2012-0158); once running, the backdoor talks to Dropbox over SSL (secure sockets).
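The defensive angle of the above is that a cloud file-sync service as command-and-control blends in with normal traffic, so the useful signal is which process on which host is reaching that service rather than the destination alone. The following is an added illustration, not code from the article or from FireEye: it walks a constructed connection log (the `host=... proc=... dst=...` format, the hostnames, process names and allowlist are all assumptions for the example) and flags Dropbox traffic from images that have no business using it, rating Office applications highest because an exploited document runs in their context.

```python
"""Flag likely cloud-storage C2 beacons in a constructed connection log.

Added example, not the article's or FireEye's code. Log format, process
names, Dropbox hostnames and the allowlist are all assumptions.
"""
import re

# Constructed sample: one connection event per line, in an assumed format
# "<time> host=<name> proc=<image> dst=<fqdn>:<port>"
SAMPLE_LOG = """\
2015-11-27T09:01:12Z host=newsdesk-07 proc=winword.exe dst=api.dropbox.com:443
2015-11-27T09:01:13Z host=newsdesk-07 proc=svchost.exe dst=api.dropbox.com:443
2015-11-27T09:02:40Z host=design-02 proc=Dropbox.exe dst=client-lb.dropbox.com:443
2015-11-27T09:03:05Z host=newsdesk-07 proc=rundll32.exe dst=content.dropboxapi.com:443
2015-11-27T09:04:00Z host=newsdesk-07 proc=outlook.exe dst=outlook.office365.com:443
2015-11-27T09:10:00Z host=newsdesk-07 proc=winword.exe dst=api.dropbox.com:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>[^:\s]+):(?P<port>\d+)$"
)

# Assumed domain suffixes for the Dropbox service and its API.
DROPBOX_DOMAINS = ("dropbox.com", "dropboxapi.com")
# Assumed allowlist: images that are expected to talk to Dropbox on this network.
EXPECTED_DROPBOX_PROCS = {"dropbox.exe"}
# Office applications: direct cloud-storage traffic from these is the most
# suspicious case, since a malicious document executes in their context.
OFFICE_PROCS = {"winword.exe", "excel.exe", "powerpnt.exe"}


def is_dropbox(fqdn):
    """True if the destination is the Dropbox service or one of its subdomains."""
    fqdn = fqdn.lower()
    return any(fqdn == d or fqdn.endswith("." + d) for d in DROPBOX_DOMAINS)


def parse(log_text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify(event):
    """Severity label for one event, or None when it is not worth an alert."""
    if not is_dropbox(event["dst"]):
        return None
    proc = event["proc"].lower()
    if proc in EXPECTED_DROPBOX_PROCS:
        return None            # the real sync client: expected traffic
    if proc in OFFICE_PROCS:
        return "high"          # Office app reaching Dropbox directly
    return "medium"            # any other non-Dropbox image using Dropbox domains


def find_alerts(log_text):
    """Return the events that deserve an alert, each tagged with a severity."""
    alerts = []
    for ev in parse(log_text):
        sev = classify(ev)
        if sev:
            alerts.append({**ev, "severity": sev})
    return alerts


def summarize(alerts):
    """Per-host count of high/medium alerts, to spot a single box beaconing repeatedly."""
    summary = {}
    for a in alerts:
        summary.setdefault(a["host"], {"high": 0, "medium": 0})[a["severity"]] += 1
    return summary


if __name__ == "__main__":
    found = find_alerts(SAMPLE_LOG)
    for a in found:
        print(f"[{a['severity']}] {a['ts']} {a['host']} {a['proc']} -> {a['dst']}")
    print(summarize(found))
```

On the constructed sample the design workstation running the genuine sync client is ignored, while the newsroom host generates four alerts, two of them from the word processor itself; that per-host clustering, rather than any single connection, is what an analyst would chase.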
FireEye researchers say the targeting of Hong Kong scribes is not out of character for the group or hackers based in China.
"The group started targeting Hong Kong media companies, probably in response to political and economic challenges in Hong Kong and China," the researchers say.
"The threat group’s latest activity coincided with the announcement of criminal charges against democracy activists."
"The media organisations targeted with the threat group’s well-crafted Chinese language lure documents are precisely those whose networks Beijing would seek to monitor."
Some 50 individuals have been targeted. The company tells El Reg the phishing emails went straight to editorial departments.
They say the attacks, if perpetrated by state-supported attackers, could provide Beijing with "advance warning on upcoming protests, information on pro-democracy group leaders, and insights needed to disrupt activity on the internet".
The phishing emails, sent to newspapers and to radio and television stations, carried lures referencing the anniversary of the 2014 Umbrella Movement protests in Hong Kong and alleged fears within a Hong Kong University alumni organisation that a Vice-Chancellor appointment might be hijacked by pro-Beijing interests.
The group has previously attacked financial services firms in Western countries. ®