Chinese Hackers Dangle PRISM Secrets to Snare Victims
[Image: The Jinshanling section of the Great Wall of China, about 80 miles northeast of Beijing. Credit: Jakub Halun/Creative Commons]
Chinese cybercriminals are taking advantage of the global outrage over the National Security Administration's widespread electronic surveillance program to sneak espionage malware onto your computers.
The group behind these attacks is a recently uncovered cyberespionage organization with ties to the Chinese government. This group uses a type of espionage malware called NetTraveler to spy on the computers of targeted individuals in the United States, Tibet, India, Russia and elsewhere around the world.
Recently, the group has started sending emails with subject lines like "CIA's PRISM Watchlist." The intention is to trick recipients into downloading the attached documents, which contain the NetTraveler malware.
These types of tricks have been NetTraveler's modus operandi for years now: The cybercriminals send emails to targeted individuals and groups from authentic-seeming addresses with attached Microsoft Office documents. These emails have attachments with relevant-sounding names that try to capture the recipient's attention.
Opening these documents gives the malware embedded within them access to your computer, effectively creating a back door through which NetTraveler's operators can gain access to your information. The malware also copies documents on the infected computer, including Word, Excel, PowerPoint, PDF and AutoCAD files, and sends them to remote command-and-control servers operated by the cybercriminals.
NetTraveler was discovered earlier this month by Kaspersky Lab, a Moscow-based security firm famous for unearthing complicated spyware.
The criminals responsible for NetTraveler don't seem too concerned that Kaspersky Lab has found them out, though. They haven't changed a thing about their malware, except to take advantage of the global concern over NSA surveillance and PRISM to try to trick a few more gullible people.
These new attacks were discovered by Brandon Dixon of the security blog 9bplus.
"It’s funny to note that these actors are keeping up with their same techniques and infrastructure … despite being 100% outed," he wrote on the blog. "Again, this sort of behavior shows poor operational security or a complete lack of care."
All in all, these criminals are using a pretty lazy technique that can be easily prevented by a software update, anti-virus software, or plain old common sense. Microsoft has even released a patch that blocks this kind of malware, so if you update your software, your computer will be protected. Still, it's never a good idea to download, preview or otherwise engage with email attachments from unknown senders.