China Engages in Apparant Cyber Warfare
According to the Register, China attempted to exploit a Zero-Day exploit in the Windows MetaFile vulnerability by sending HTML encoded emails to members of the House of Parlaiment. If the attack had worked, it would have likely installed a back door to the systems that would allow the Chinese to sap information or even remotely control the computers.
From the Register Here:
Chinese hackers attacked UK government targets during the Christmas holidays using the Microsoft Windows Meta File (WMF) exploit. The attacks – initiated before Microsoft’s patch against the vulnerability was released on 5 January – came in the form of contamination emails that originated in China, according to email filtering firm MessageLabs, whose clients include the UK government. It’s unclear if independent hackers or the Chinese government initiated the attack.
Contaminated messages posed as information about a secret rendezvous are were sent to around 70 people in parliament and elsewhere in the UK government, ZDNET reports. Attackers tried to dupe intended recipients into opening an infected attachment containing the WMF Setabortproc Trojan but the infected emails were blocked by MessageLabs’ email filtering system. Some of the attacks were aimed as departments in the UK government dealing with human rights abuses, The Guardian reports.
The WMF-themed attacks are the latest twist in an armada of specially crafted Trojan horse attacks dating back over a year. Last June the UK’s National Infrastructure Security Co-ordination Centre (NISCC) warned that approximately 300 UK government departments and businesses critical to the country’s infrastructure have been the subject of Trojan horse attacks, many reportedly originating in the Far East. “The attackers’ aim appears to be covert gathering or transmitting of commercially or economically valuable information,” NISCC warned.
Okay, the article won’t say whether or not this was from an independent hacker Group, or if this was the work of the Chinese Government. I will say this was the Chinese Government, and more specifically, the PRC Red Army. How can I say this? Well, since the penalty of cyber crime in China is DEATH, (see this for more info) I can say that the odds that this was non sactioned activity by a Chinese Citizen is very low. That would therefore mean that the Chinese Government is the most likely culprit in this situation.
And if this attempt failed, how often do the Chicoms succeed? And good job of MessageLabs in identifying the threat and eliminating it.
