Chinese hackers have been using popular online message boards and forums to steer malware already planted inside an organization’s network: the forum posts quietly carry the encoded address of the server the malware should report to.
The malware, which security researchers at FireEye call “BLACKCOFFEE” in a new report, has potentially given the digital thieves access to troves of sensitive data. The tactic also shows the increasingly clever ways Chinese cyber warriors are attacking.
“The use of BLACKCOFFEE demonstrates threat actors’ evolving use of public websites to hide in plain sight,” FireEye said.
The hacking team behind the strategy, known as APT17, has long targeted U.S. government agencies, defense contractors, law firms, information technology companies, mining companies and nonprofits.
The researchers discovered the espionage campaign on Microsoft’s popular Web forum TechNet.
Using a well-known website like TechNet makes digital invaders harder to notice: an infected machine checking a Microsoft-run forum looks like ordinary browsing. Previously, FireEye said, hackers would normally place this kind of command-and-control information on easily compromised websites. They would also take over the whole website, which made the operation stand out more to security researchers.
But by working through sites like TechNet, the hackers never have to compromise the site at all; they simply post content the way any other user would. TechNet itself was never breached, FireEye said.
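To make the mechanism concrete, here is an added example of the “dead drop” pattern described above. It is not FireEye’s code and does not reproduce the real BLACKCOFFEE format: the marker strings, the single-byte XOR key and the sample post bodies are all assumptions constructed for this illustration. It shows the operator side (hiding an address in an innocuous-looking post), the implant side (pulling it back out of page text) and the defender side (scanning a batch of posts for the same pattern).

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Assumed for this example only: hypothetical markers and key, not the
# encoding actually used by BLACKCOFFEE.
MARK_OPEN = "[ref:"
MARK_CLOSE = "]"
XOR_KEY = 0x5A
_PATTERN = re.compile(re.escape(MARK_OPEN) + r"([0-9a-f]+)" + re.escape(MARK_CLOSE))


def encode_c2(address: str) -> str:
    """Operator side: mask each byte of 'ip:port' with the key and hex-encode
    it, so the token reads like an opaque reference rather than an address."""
    masked = bytes(b ^ XOR_KEY for b in address.encode("ascii"))
    return f"{MARK_OPEN}{masked.hex()}{MARK_CLOSE}"


def decode_c2(token: str) -> Optional[str]:
    """Reverse the masking; None when the hex is malformed or not ASCII."""
    try:
        raw = bytes.fromhex(token)
        return bytes(b ^ XOR_KEY for b in raw).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None


def looks_like_endpoint(value: str) -> bool:
    """Accept only 'ip:port' with a parseable IP and a valid port number."""
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        return False
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def resolve_c2(page_text: str) -> Optional[str]:
    """Implant side, minus the HTTP fetch: return the first marker pair in the
    page body that decodes to a usable endpoint, skipping junk matches."""
    for match in _PATTERN.finditer(page_text):
        decoded = decode_c2(match.group(1))
        if decoded and looks_like_endpoint(decoded):
            return decoded
    return None


def find_dead_drops(posts: List[str]) -> List[Tuple[int, str]]:
    """Defender side: scan post bodies and report which ones carry an
    encoded endpoint, as (post index, decoded endpoint)."""
    return [(i, ep) for i, body in enumerate(posts)
            if (ep := resolve_c2(body)) is not None]


# Constructed sample post bodies; not real forum content.
SAMPLE_POSTS = [
    "Has anyone seen the KB article on this? Links appreciated.",
    "Same issue here, see thread " + encode_c2("203.0.113.10:443") + " for the fix.",
    "Unrelated post with a broken token [ref:abc] in it.",
]

if __name__ == "__main__":
    for idx, endpoint in find_dead_drops(SAMPLE_POSTS):
        print(f"post {idx}: encoded endpoint {endpoint}")
```

The defender-side scan is the part worth keeping in mind: once a marker format is known, the same parser the implant uses can be run over a forum’s posts and profiles to find every drop and sinkhole the addresses behind them, which is only possible because the host site was never compromised and its content remains readable to everyone.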
APT17 and the Chinese are not the only ones employing this method.
“We have already observed threat actors adopting similar techniques and moving … activity to legitimate websites that they do not need to compromise,” the report said. “In the same vein, some threat actors have already begun using social media sites such as Twitter and Facebook for malware distribution.”
The report will certainly not help the already tense cybersecurity relationship between the U.S. and China. The two countries have repeatedly chafed over alleged hacking incidents in recent years.
The Obama administration is stepping up its public outing of Beijing’s digital intellectual property theft campaign. Meanwhile, Chinese officials accuse the U.S. government of widespread invasive snooping.
The tensions have caused the two sides to disband an official cybersecurity working group.