
SoylentNews is people

posted by azrael on Saturday July 12 2014, @08:49PM
from the tricorder-malfunction dept.

Handheld scanners shipped with sophisticated malware pre-installed are being used by China-based threat actors to target shipping and logistics organizations all over the world, says the security firm TrapX (report, 15 MB PDF).

The attack begins at a Chinese company that provides the hardware and software for handheld scanners used by shipping and logistics firms worldwide to inventory the items they handle. The manufacturer installs the malware on the devices themselves, which run an embedded version of Microsoft Windows XP.

Researchers determined that the threat group targets servers that store corporate financial data, customer data and other sensitive information. A second payload, downloaded by the initial malware, then establishes a sophisticated C&C channel from the company's finance servers, enabling the attackers to exfiltrate the information they are after.

The malware used by the attackers in the campaign TrapX calls Zombie Zero is highly sophisticated and polymorphic, the researchers said. In one observed attack, 16 of the victim's 48 scanners were infected, and the malware penetrated the targeted organization's defenses and gained access to servers on the corporate network.

Interestingly, the C&C is located at the Lanxiang Vocational School, an educational institution said to have been involved in the Operation Aurora attacks against Google, and physically one block away from the scanner manufacturer, TrapX said. Another possible attack vector is, of course, the labels themselves: a scanner decodes whatever printed binary data it is pointed at. Compartmentalized networks and a strict API enforcement gateway may be ways to combat threats like these.
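The two mitigations named above, a compartmentalized network for the scanners and a gateway that enforces what the inventory API will accept, can be made concrete. The following is an added example, not code from the article or from the TrapX report: it models a scanner VLAN that is allowed to reach only the inventory API, triages a few constructed flow-log lines against that policy (flagging scanner traffic toward the finance segment or the Internet, the two hops described in the story), and shows the kind of schema check an API gateway can apply to a scan submission so that arbitrary bytes read off a label never reach the back end. All addresses, the log format and the SKU format are assumptions chosen for the example.

```python
import ipaddress
import re

# Assumed addressing for this example (not from the report).
SCANNER_VLAN = ipaddress.ip_network("10.20.0.0/24")   # handheld scanners live here
INVENTORY_API = ipaddress.ip_address("10.30.0.10")    # the one server scanners need
FINANCE_VLAN = ipaddress.ip_network("10.40.0.0/24")   # finance / ERP servers
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Allow-list of (destination, port, protocol) a scanner may initiate.
ALLOWED = {(INVENTORY_API, 443, "tcp")}

# Assumed flow-log line format: "<timestamp> <src> <dst> <dport> <proto>".
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>tcp|udp)$"
)


def classify_flow(src: str, dst: str, dport: int, proto: str) -> str:
    """Verdict for one scanner-originated flow under the segmentation policy."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if s not in SCANNER_VLAN:
        return "not-scanner"                    # policy covers scanner traffic only
    if (d, dport, proto) in ALLOWED:
        return "allow"
    if d in FINANCE_VLAN:
        return "alert:scanner-to-finance"       # the lateral move the report describes
    if not any(d in net for net in INTERNAL_NETS):
        return "alert:scanner-egress"           # a scanner has no business calling out
    return "deny"                               # any other internal destination


def triage(lines):
    """Parse flow-log lines and return (src, dst, dport, verdict) per parsable line."""
    verdicts = []
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue                            # skip malformed lines rather than guess
        v = classify_flow(m["src"], m["dst"], int(m["dport"]), m["proto"])
        verdicts.append((m["src"], m["dst"], int(m["dport"]), v))
    return verdicts


def suspicious_scanners(verdicts):
    """Distinct scanner addresses that produced at least one alert."""
    return sorted({src for src, _, _, v in verdicts if v.startswith("alert:")})


# Gateway side: the inventory API accepts exactly {sku, qty}; the SKU is a short
# printable token, so binary data decoded from a hostile label is rejected here.
SKU_RE = re.compile(r"[A-Z0-9-]{4,32}")


def validate_scan(payload: dict) -> bool:
    if set(payload) != {"sku", "qty"}:
        return False
    sku, qty = payload["sku"], payload["qty"]
    if not isinstance(sku, str) or SKU_RE.fullmatch(sku) is None:
        return False
    return type(qty) is int and 0 < qty <= 10_000   # bool is excluded on purpose


# Constructed sample flows: two scanners misbehaving, one finance client, one scanner
# talking to a neighbour.
SAMPLE_FLOWS = [
    "2014-07-12T20:49:01Z 10.20.0.17 10.30.0.10 443 tcp",
    "2014-07-12T20:49:03Z 10.20.0.17 10.40.0.5 445 tcp",
    "2014-07-12T20:49:05Z 10.20.0.23 203.0.113.7 8080 tcp",
    "2014-07-12T20:49:07Z 10.20.0.23 10.30.0.10 443 tcp",
    "2014-07-12T20:49:09Z 10.50.0.8 10.40.0.5 445 tcp",
    "2014-07-12T20:49:11Z 10.20.0.31 10.20.0.32 137 udp",
]

if __name__ == "__main__":
    for src, dst, dport, verdict in triage(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{dport}  {verdict}")
    print("scanners to pull from the floor:", suspicious_scanners(SAMPLE_FLOWS and triage(SAMPLE_FLOWS)))
    print("good scan accepted:", validate_scan({"sku": "ABC-1234", "qty": 3}))
    print("binary sku rejected:", validate_scan({"sku": "ABC-1234\x00\x90", "qty": 3}))
```

The point of the allow-list is that a scanner needs exactly one destination; everything else it initiates is either a policy violation worth an alert (finance segment, Internet) or a plain deny. The gateway check is the complement: even a compromised device that can reach the API can only submit a well-formed SKU and quantity.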

  • (Score: 2) by c0lo (156) on Saturday July 12 2014, @10:02PM (#68261)

    > Yes, China seems to be caught red handed here, but I'm betting that more than one TLA does similar things (though probably via different attack vectors).
    > This is war folks. A slow descent into indirect confrontations, and planting as many 'sleepers' as the landscape will tolerate.

    Conjectural "demonstration", along the lines of "Be afraid, be very afraid!". Why should I?

    Why do you consider China such supermen? Why, in their case, does Hanlon's razor suddenly cease to apply?
    This wouldn't be a first [h-online.com]

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 4, Insightful) by Horse With Stripes (577) on Saturday July 12 2014, @11:44PM (#68290)

    > Why do you consider China such supermen?

    Who said they were "supermen"? I'm pretty sure I said that the US is doing it too. In this case it is China (manufacturer and C&C). Malware == Malice. Now, if you think that China is being made a patsy for this I'll go get my deed to the Brooklyn Bridge.