Dota is an anonymous member of a military-backed group of Chinese hackers notorious for stealing data from American companies. According to Forbes, this group has likely broken into computer systems owned by Coca-Cola, security tech firm RSA, and energy company Schneider Electric.
But now we learn from The Next Web that security firm Mandiant was able to screen-capture Dota in action. It’s pretty compelling evidence, showing the hacker registering a new email address (he even provides his phone number for the SMS verification), breaking into victim computers, and stealing their data.
We're looking at the screen of a hacker named Dota. To start, he creates a new Gmail address and lists his country as the US.
Inside one of his email accounts, we see that Dota has used it to create numerous other addresses. There are also bounced messages that indicate this address was used in phishing attempts.
Dota is now using a Ghost Rat server, a piece of malware that can be used to remotely access computers and steal their data. He's testing it on his own computer first to make sure it works.
Now he's inside of a WEBC-2 command and control server. This is software similar to Ghost Rat except that you interact with it via a command line.
Using stolen login credentials, the hacker is inside of a Microsoft Exchange email server. The numbers on the left refer to specific emails and the numbers on the right indicate the size of each email.
Inside one of his own servers, the hacker transfers some software tools to a victim's computer via FTP.