Security Companies Team Up, Take Down Chinese Hacking Group
daten writes: A coalition of security companies has hit a sophisticated hacking group in China with a heavy blow. The effort is detailed in a report released today by Novetta. The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43,000 computers worldwide that were targeted by Axiom, an incredibly sophisticated organization that has been stealing intellectual property for more than six years. The group united as part of Microsoft's Coordinated Malware Eradication (CME) campaign against Hikit (a.k.a. Hikiti), the custom malware often used by Axiom to burrow into organizations, exfiltrate data, and evade detection, sometimes for years.
liar (Score:4, Informative)
removing malware isn't "taking down" a hacking group; that's just what a victim does
6 years of hacking with the same malware? (Score:1)
Any hacker group that relies on the same malware code in their hacking, for 6 years straight, deserves no respect.
If that Chinese hacker group "Axiom" really uses the same "Hikit" code all these years then they are no better than a bunch of lazy script kiddies
6 years of hacking with the same malware? (Score:1)
If that code is such an effective rootkit that they have no need to change it other than deploying it with various 0-days and "droppers", it sounds like they are making a rational business decision.
Re:6 years of hacking with the same malware? (Score:4, Insightful)
A sane hacking group would just use the existing hack until it fails, while keeping the new tricks in reserve. Expect more, better hacks from the hackers. They've had a while to work on them.
Re:6 years of hacking with the same malware? (Score:5, Insightful)
Any hacker group that relies on the same malware code in their hacking, for 6 years straight, deserves no respect.
Aren't they just being efficient? If it ain't broke, don't fix it.
Re:6 years of hacking with the same malware? (Score:5, Funny)
you mean: if it ain't fixed, keep using the break
Re: (Score:2)
you mean: if it ain't fixed, keep using the break
Touché!
Re: (Score:2)
Maybe this is just the malware they expected people to find. Think of how many people now have a greater false sense of security because this group was "taken down".
Re: (Score:2)
Maybe this is just the malware they expected people to find. Think of how many people now have a greater false sense of security because this group was "taken down".
You're right... the real problem malware is of course the stuff that I can't detect on my pc! Quick, pass my tinfoil hat and gloves.
Re: (Score:1)
Why would they quit using something that keeps working?
Re: (Score:2)
Absolutely. I expected to read about missile strikes on the hackers or something. Does anyone really believe this is the only malware this group uses?
Bullshit ... (Score:2, Funny)
... If someone spray paints my mailbox with graffiti and I clean it off, is that vigilantism?
Re: (Score:2)
... If someone spray paints my neighbor's mailbox with graffiti and I clean it off, is that vigilantism?
Re: (Score:2)
Actually ...
Nah, I got nothing.
You are correct.
Re: (Score:2)
I'm all for malware clean-up efforts, but there are laws and ethics that may prevent some techniques for doing so.
Re: (Score:1)
If someone spray paints your mailbox with graffiti and your neighbor repaints the mailbox a nice shade of mauve without consulting you first - and on top of that, you're a bit suspicious that maybe they steamed open your letters, read them and then glued them shut before moving on to the next mailbox.
... are you still alright with that?
Re: (Score:1)
Actually, their method of "taking down" the Chinese hackers was to release the Oct. 14th version of Microsoft's Malicious Software Removal Tool (MSRT). Seriously, it's in TFA.
Re: smoke and mirrors (Score:2)
Not if they had permission from the owners. Microsoft did (read the EULAs)
smoke and mirrors (Score:2)
So Microsoft is the Batman?
No one has been "taken down". (Score:1)
Are the people responsible identified?
Are they dead or incarcerated?
No and no. Nothing is taken down. You might have patched some bullet holes and developed better armor, but the shooter is still at large and still dangerous.
Chinese government complicity (Score:4, Insightful)
Why don't they come out and call a spade a spade... the Chinese government aids, at worst, or allows, at best, this activity. Ask anyone who has spent any time living in China. It's pretty difficult to do anything that they don't like, and when you do manage to circumvent the rules, it's only because you're greasing the palms of someone inside the government. "Hacking group"..... riiiiiiiiiight. (rolling eyes)
Re: (Score:3)
Well, 5 mod points and a dozen donuts for anyone with a solution. It's a bad situation considering that the U.S. and China depend on each other for business and economic reasons, yet we treat each other like adversaries. The Chinese government hasn't given much historical respect to the concerns of intellectual property. When it comes to bringing hard consequences to malicious hackers in their borders, they offer us zero cooperation in cases like this. So WTF do we do?
Re:Chinese government complicity (Score:5, Interesting)
Well, 5 mod points and a dozen donuts for anyone with a solution. It's a bad situation considering that the U.S. and China depend on each other for business and economic reasons, yet we treat each other like adversaries. The Chinese government hasn't given much historical respect to the concerns of intellectual property. When it comes to bringing hard consequences to malicious hackers in their borders, they offer us zero cooperation in cases like this. So WTF do we do?
Use it to supply bad information. Bogus code, code that fails at critical times, misinformation about deals, bargaining positions, etc. Use it as a vector to infect computers with destructive viruses that destroy data, open up their machines for penetration, or cause control systems to fail. In short, turn the malware into a double agent.
Re: (Score:1)
WTF = the Chinese plan 200 years ahead, whereas the USA thinks only to the next "November" (election).
The US and the "west" in general have to get off their duff and start having a plan, or become the slaves of the future. Horrid thought that your kids may be slaves because your government today failed to think ahead and see quite obvious things, took the wrong decisions, etc.
Re: (Score:2)
So you think the Chinese started their hacking plans while the US was involved in the war of 1812?
Re: (Score:3)
Yeah, in the US, the FBI does it officially. Or did you miss the news about that fake newspaper site they put up?
Take Down? (Score:2)
They didn't kill the power plants in China, did they?
Yuh Huh (Score:5, Funny)
Malicious code on 43,000 Windows computers .. (Score:2)
What operating System did these 'computers' run on?
Re: (Score:1)
If it were Linux, it would have been mentioned in the title; otherwise it's 'computer' malware.
NSA FTW! (Score:1)
Now, if they also eradicated some of the NSA malware in the process... I mean... uh as collateral damage, so to speak...
Sigh. I'll keep on dreaming.
Microsoft, payback for their past crap security (Score:2)
It's interesting that Microsoft is mentioned as a key contributor to this, when most likely the affected systems that are allowing hackers to slip into organizations unauthorized are compromised due to the horrendously poor security of Microsoft's own operating system.
Why is this not escalated? (Score:4, Insightful)
It is disgraceful that a consortium of PRIVATE companies has to tackle this issue when there is clear violation of any number of laws at stake.
Get to work, you government agencies, and, instead of spying on your fellow countrymen, do your job.