Most of the espionage coming from these “sophisticated” Chinese hackers was actually victim activated.
A cyber security company released a report last month detailing the exploits of a state-sanctioned group of Chinese hackers. The hackers had been siphoning proprietary information from defence firms and private companies in the United States.
It turns out that most of the espionage coming from these “sophisticated” Chinese hackers was in most part enabled by victims, The Hill reports.
Jennifer Martinez of The Hill recently talked to the founder of Mandiant, the cyber security company whose report blew the lid off the Chinese hacking group known as APT1.
From The Hill:
The APT1 hackers were able to crack into American companies’ computer networks and systems by targeting “human weakness,” according to [Mandiant founder, Kevin Mandia]. They would send emails to a company’s employees that appeared to be from someone they knew and the message would prompt those workers to click on a link or PDF file laced with malware. This would allow the hackers to get access to an employee’s computer.
The method is called “spearfishing,” and it baits email browsers into giving personal information, or in this case downloading command and control malware to their computers. One type of this software is called RAT, for Remotely Accessed Terminal (in some references, “Trojans”), something IT sections of companies often use to troubleshoot employee computers.
We recently covered how oppressive regimes, like Egypt, Tunisia and Syria, as well as perverts called RATters, used RAT programs to conduct surveillance on unwitting victims.
NOW WATCH: Briefing videos
Business Insider Emails & Alerts
Site highlights each day to your inbox.