We’ve all been there before: you unwittingly compromise your nation’s diplomatic security after a bunch of “CARLA BRUNI NUDE PICS XXX” email links turn out to be bait laid by Chinese hackers. Yawn.
It turns out that “Chinese hackers” (news agencies have had trouble expanding on that term) sent out email phishing attacks to countless European diplomats, who innocently clicked on the links just hoping for a handful of nudie-shots of the former French president’s wife. Instead, they got system-infiltrating malware software, mostly written in Chinese, as the NYTimes reports:
Once clicked, attackers were able to gain a foothold into their targets’ computer networks, though investigators said they were unable to see which files the attackers had taken. The closest they came was last August when FireEye’s [a computer security company in Milpitas, Calif.] researchers were able to infiltrate one of the group’s 23 command-and-control servers for one week. They could see that the server had breached 21 different targets, including government ministries in the five European countries.
They watched as attackers mapped out victims’ computer networks, searching for users with privileged access who would allow them entry into the computers of high value targets.
That glimpse gave researchers a rare window into the attackers’ techniques and clues to their origin. Their malware contained Chinese character strings and one Web page used to compromise computers was written in Chinese. They also used several machines to test their malware which used the Chinese language as the default setting.
If these reports turn out to be true, than Chinese hackers are significantly more crafty—and European diplomats significantly more horny/alone/stupid—than we had ever thought.