Stealthy Chinese Hackers Cook Up Previously Unseen Malware


Ted McKendall

Over the years, Chinese hacking has been notorious – from the infamous PLA 61398 cyber-espionage group (aka APT1) to reports of bold attacks on critical infrastructure, such as stealing intellectual property (IP) from the Israeli Iron Dome missile defense system, terabytes of undersea warfare data from a US navy contractor, and 630,000 files from Boeing on the C-17 plane (the third most expensive the Pentagon has ever developed). The Chinese have long been considered among the most prolific and skilled hackers in the world.

But a new report from IntSights ahead of the Black Hat information security conference suggests that China’s hacking expertise goes far deeper, with a developing underground of carders (credit card fraudsters), drug dealers and malware writers prospering in the face of a government-controlled Internet, which bans VPNs, Tor and cryptocurrencies.

This report gives rare insight into the use of the dark web, how criminals look to circumvent government laws, and their primary uses and motivations for providing black market goods. It also details the threat landscape and government attitudes to cyber activity – a key point considering the notoriety of China’s state-sponsored groups.


Chinese Tactics Out of the Ordinary

Although focusing broadly on the far east, the report goes in-depth on the Chinese scene, where it says many criminals are not even bothering to use the dark web or openly-accessible anonymous networks.

Here, the hacking community has risen in spite of supposed governmental control of the Internet. For instance, while the Chinese government (and its famous firewall) blocks access to the Tor network, which provides greater anonymity by encrypting browsing traffic through a worldwide network of nodes, IntSights’ report indicates that hackers are offering illegal goods on the ‘clear’ web. It’s speculated that this is because selling openly on the web allows for higher profits and greater access for customers, although it does raise the question of how these sellers avoid being identified. In short, how do they get away with it?

The generally held view here is that the Chinese government’s attempt to rule the web with an iron fist is made impossible by a population that has swollen to some 772 million internet users. As such, policing illegal activity can be incredibly difficult – and that difficulty is what allows these criminal tactics to evolve.

There are also questions about the close ties between criminal groups and government. As evidenced by this report, criminal groups appear to be working around governmental controls. At the same time, there is evidence that these groups may sometimes go rogue – some of them may be state-sponsored and acting on behalf of government interests.


Chinese Hacking Forums Offer Malware and DDoS Attacks at Bargain Prices

Chinese hacking forums are teeming with the same kinds of materials you can find on western forums – buyers can purchase drugs, forged documents, and stolen personal data (e.g., details of bank accounts and credit cards).

As expected, there’s also a wide array of hacking tools, such as readily available malware. But it’s important to note that there are many variants that security researchers haven’t seen before. It seems that Chinese hackers don’t recycle or repackage as much malware as criminals do in western countries. This is especially worrying news because even recycled variants are often able to evade the traditional defense mechanisms (antivirus, IPS, IDS) employed by most organizations worldwide.

These forums go beyond offering tools; they offer hacking services too, including distributed denial-of-service (DDoS) attacks. The IntSights team found one service advertising an attack stream of 500 Gbps, with a relatively paltry fee of $730 per month allowing for “unlimited attacks”. As the IntSights team pointed out for perspective, this is the equivalent price of about two hours of security consulting.

The one saving grace is that most vendors in China do not do business with international buyers, and even fewer will so much as respond to those who do not communicate in Chinese, so the samples are relatively contained. However, you can’t help but feel that China is a Pandora’s box ready to be opened.


Protector Air Is Future-proofed Against Unknown Malware

In summary, we now know that in China there are strains of malware unknown to western researchers that are cheap and easy for the public to access and may possibly have state backing. This is worrying news for all businesses (see our recent blog on nation-state attacks increasingly targeting businesses). It also makes it all the more important that businesses adopt security solutions that are not reliant on the malware being known and identifiable. Antivirus is already failing to keep up with recycled malware variants – there’s no doubt it’s going to fall flat against these exploits.

At Trusted Knight, we have used our expertise in malware to develop a modern approach to keep businesses safe. Our patented Protector Air product does not fight individual malware strains; instead, it focuses on each user transaction and prevents all malware from compromising the integrity of those transactions. In our increasingly digital world, filled with increasingly complex new threats, this approach has never been more valuable.
