<h1>Hackers linked to Chinese government used mobile malware to spy on ethnic minority</h1>
<div class="in-this-story">Author: Chris Bing</div>
<div>OCT 30, 2017 | CYBERSCOOP</div>
<p>Security researchers say a hacking group likely <a href="http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf?t=1443030820943&amp;submissionGuid=81f1c199-859f-41e9-955b-2eec13777720">linked to the</a> Chinese government is conducting targeted surveillance against a Chinese ethnic minority, known as the Uyghurs, through the deployment of sophisticated mobile malware, according to <a href="https://blog.lookout.com/mobile-threat-jaderat">new evidence published</a> Friday by U.S. cybersecurity firm Lookout.</p>
<p>The attackers are associated with a known Chinese threat actor previously codenamed “Scarlet Mimic” <a href="https://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/">by security researchers with Palo Alto Networks</a>, according to Michael Flossman, a senior security researcher with Lookout.</p>
<p>Based on separate research by Palo Alto Networks <a href="http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf?t=1443030820943&amp;submissionGuid=81f1c199-859f-41e9-955b-2eec137">and ThreatConnect</a>, Scarlet Mimic’s past operations have closely followed the interests of the Communist Party of China. The party remains worried about the potential for rebellion in the highly contested Xinjiang region, where the majority of the Uyghur population lives.</p>
<p>Lookout <a href="https://blog.lookout.com/mobile-threat-jaderat">found a series of booby-trapped Android applications</a> designed for Chinese users — a SIM Card Management, “Phone Guardian” and Google Searcher program — which carried the same hidden spyware, named JadeRAT. Some of the titles of these malicious apps, as they originally appeared on victims’ devices, carried specific references to “Uyghur” in Chinese characters.</p>
<p>“The use of Uyghur as an app title in several instances suggests this minority is likely one of the groups being targeted by JadeRAT operators,” Flossman told CyberScoop. “We’ve seen other Android surveillanceware families being used in the region that include Uyghur-specific references in their titles and also trojanize a similar set of messaging apps like Telegram, Voxer, and Viber.”</p>
<p>Flossman said he discovered the connection between JadeRAT and Scarlet Mimic by studying similarities that existed in the hacking group’s other, known espionage tools.</p>
<p>“After public reporting around MobileOrder, a surveillanceware tool previously attributed to Scarlet Mimic, we saw its use tail off; however, we observed several other families emerge that had some overlap around the apps they trojanised, the likely groups they targeted, their capabilities, and to some extent their implementation,” Flossman said. “JadeRAT was one of those families.”</p>
<p>The trojan allows hackers to access, review and siphon data related to a person’s communications, software usage and GPS location. Technical indicators within these apps gave researchers clues about whom the hackers were targeting, what they hoped to learn and how widespread the operation was. In addition, JadeRAT can steal passwords, disable the WiFi connection and force a device to shut down.</p>
<p>Most of the capabilities offered by JadeRAT are relatively standard in other contemporary spyware products. One of the exceptions, however, is a function that automatically notifies the attacker via SMS text message whenever an infected device has booted up.</p>
<p>While it’s likely that most affected devices were infected with JadeRAT because the victims voluntarily downloaded the aforementioned applications, it’s also possible that Scarlet Mimic physically accessed some of the systems owned by its victims.</p>
<p>“While victims could be compromised via social engineering that tricks them into installing a chat application trojanized with JadeRAT, the frequent use by this family of ‘SIM Card Management’ as a title suggests physical access may also be used in some instances,” explained Flossman. “The reasoning behind this is that it seems fairly unlikely for a typical user to want to install an app that supposedly offers this functionality; however, such a title would most likely be ignored by your average user if seen in the list of running apps.”</p>
<p>Palo Alto Networks’ research on Scarlet Mimic notes that the group has been active since at least 2012 and is largely interested in gathering “information about minority rights activists,” according <a href="https://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/">to a company blog post</a> published last year.</p>
<p>Lookout believes 2017 represents the most active year yet for JadeRAT infections. At the moment, the malware is only effective against Android devices.</p>