SoylentNews is people

posted by cmn32480 on Saturday July 30 2016, @08:57AM
from the patch-your-software dept.

Arthur T Knackerbracket has found the following story:

A cyberespionage group known for targeting diplomatic and government institutions has branched out into many other industries, including aviation, broadcasting, and finance, researchers warn.

Known as Patchwork, or Dropping Elephant, the group stands out not only through its use of simple scripts and ready-made attack tools, but also through its interest in Chinese foreign relations.

The group's activities were documented earlier this month by researchers from Kaspersky Lab, who noted in their analysis that China's foreign relations efforts appear to represent the main interest of the attackers.

In a new report [ecmascript required] Monday, researchers from Symantec said that the group's recent attacks have also targeted companies and organizations from a broad range of industries: aviation, broadcasting, energy, financial, non-governmental organizations (NGO), pharmaceutical, public sector, publishing and software.

While most of Patchwork's past victims were based in China and Asia, almost half of the recent targets observed by Symantec were based in the U.S.

The group uses a legitimate mailing list provider to send newsletter-like emails to its intended targets. The rogue emails link to websites set up by the attackers with content related to China. Depending on the industry they operate in, victims receive links to websites with content relevant for their business.

The rogue websites have links to .pps (PowerPoint) or .doc (Word) files hosted on other domains. If downloaded and opened, these files attempt to exploit known vulnerabilities in Microsoft Office in order to execute rogue code on users' computers.

  • (Score: 0) by Anonymous Coward on Saturday July 30 2016, @05:38PM (#381994)

    "Looking" means decoding and rendering at the very least, and both of those steps require code to parse supplied data. Since code+data mix in x86, bugs in the (minimal) decode and render steps can introduce data to codespace.

    You out your noobness by thinking that it's possible to reverse engineer and remove all the bugs from MS products. Millions of lines of code. Shoulders of giants (libraries). Go clean up Firefox if it's so easy.

  • (Score: 0) by Anonymous Coward on Saturday July 30 2016, @11:27PM (#382097)

    Hey, have you hit on a defense against malware? What if we had Harvard architecture CPUs with separate program and data memory, would that make it easier to keep the crap out?

    It's not like memory is expensive anymore, I'd be happy to buy 2x the memory if it was easier to defend against attacks.