Home / Channel / Comment Crew may be using new hack techniques

Comment Crew may be using new hack techniques

A group of Chinese hackers called the ‘Comment Crew' have resumed their attacks against dissidents. FireEye, a security organisation who specialise in stopping sophisticated attacks have documented attackers who are using a new set of tools and evasion techniques. The company cannot name their clients but Rob Rachwald, director of Market Research for FireEye said that their clients include an organisation in Taiwan.

The Comment Crew are a well known group of hackers, made famous for their attack on the New York Times. Organisations opposing Chinese government policies have frequently been targeted by hackers.

PCWorld add “The Comment Crew laid low for about four months following the report, but emerging clues indicate they haven't gone away and in fact have undertaken a major re-engineering effort to continue spying. The media attention “didn't stop them, but it clearly did something to dramatically alter their operations,” Rachwald said in an interview.”If you look at it from a chronological perspective, this malware hasn't been touched for about 18 months or so,” he said. “Suddenly, they took it off the market and started overhauling it fairly dramatically.”

FireEye researchers Nart Villeneuve and Ned Moran detailed the new techniques on their Monday blog at FireEye.
cartoon

They said “The newest campaign uses updated versions of Aumlib and Ixeshe.Aumlib, which for years has been used in targeted attacks, now encodes certain HTTP communications. FireEye researchers spotted the malware when analyzing a recent attempted attack on an organization involved in shaping economic policy.

And a new version of Ixeshe, which has been in service since 2009 to attack targets in East Asia, uses new network traffic patterns, possibly to evade traditional network security systems.

The updates are significant for both of the longstanding malware families; before this year, Aumlib had not changed since at least May 2011, and Ixeshe had not evolved since at least December 2011.”

Encryption is being used now to hide certain components of the program's networking communication according to Rachwald. He said that it is strongly believed that the Comment Crew are behind the new attacks given their previous use of Aumib and Ixeshe.

Kitguru says: The group has also re-engineered their attack infrastructure over the last few months, so it is hard to be completely sure.

Become a Patron!

Check Also

Game Freak confirms data breach following massive Pokémon leak

Following a massive number of Pokémon leaks, including source code, Game Freak has confirmed a data breach. The leak includes Game Freak employee information.

2 comments

  1. unfortunately we cant believe **** these people are saying because they have been blaming china for years, but when snowdon brought his information out in the light it was the other way around so maybe they are just playing mind games, or shifting the blame to make them look like the bad guys again. i say if china did do it, do it again and again and make them ********* pay!

  2. Even if it was china’s doing, I still don’t agree with their policy. A chinese nobel prize winner for peace had his wife imprisoned? That’s something I don’t want happening. However, seeing america’s security programs, I don’t want to see those either. There should be no power or abuse will take place.