SECURITY OUTFIT Symantec has warned that China-themed cyber espionage group Patchwork has expanded and is now targeting UK-based companies.
A report by the firm said that it has seen the group, also sometimes colourfully dubbed Dropping Elephant, using Chinese-themed content to lure victims to malicious websites in the hope of installing malware on their devices.
The group has now widened its targeting and is going after high-value sectors such as finance, energy, aviation and NGOs rather than focusing solely on government organisations and their employees.
"Patchwork originally targeted governments and government-related organisations. However, the group has since expanded its focus to include a broader range of industries," Symantec said.
"According to Symantec telemetry, targeted organisations are located in dispersed regions. Although approximately half of the attacks focus on the US, other targeted regions include China, Japan, South East Asia and the UK."
The group uses emails sent via newsletter mailing lists to target those it wishes to infiltrate, using relevant-sounding stories and announcements to tempt recipients into visiting the malicious websites.
Once there, victims are encouraged to download files, usually masquerading as Word or PowerPoint documents, which drop back door trojans that can access information stored on the machines.
"While back door trojans wait for commands from the threat actor, they can search for files and upload them to the specified server once activated. For unknown reasons, both threats use Baidu, the Chinese software vendor, in their routines," Symantec said.
"The trojans confirm an internet connection by pinging Baidu’s server, and create a registry entry with the vendor’s name to run every time Windows starts."
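The two behaviours Symantec describes above, a Baidu-named autorun entry and a connectivity ping to Baidu, are the kind of thing a defender can hunt for in endpoint telemetry. The following is an added example, not Symantec's tooling or anything from the report: it scans constructed registry value-set events (a simplified key|name|data form, loosely modelled on Sysmon Event ID 13) and flags values under the Run and RunOnce keys whose name or command references Baidu. The article does not give the exact key path or value name, so matching on the vendor name anywhere in the entry is an assumption, as is the extra heuristic that a command launched from a user-writable directory deserves a higher score.

```python
"""Hunt for Run-key persistence entries that reference Baidu (added example)."""
import re

# Constructed sample events, not real telemetry. Format: key|value_name|data.
SAMPLE_EVENTS = [
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run|OneDrive|C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Baidu|C:\Users\a\AppData\Roaming\svchost.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SecurityHealth|C:\Windows\system32\SecurityHealthSystray.exe",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce|BaiduUpdate|C:\ProgramData\baidu\update.exe",
    r"HKCU\Software\Classes\.txt|(Default)|txtfile",
]

# Only the classic autorun keys; the article does not say which one is used,
# so both Run and RunOnce are covered (assumption).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Vendor name as reported by Symantec; matching it in the value name or the
# command line is an assumption, since the exact value name is not published.
VENDOR_RE = re.compile(r"baidu", re.IGNORECASE)
# Generic heuristic (not from the report): binaries launched from
# user-writable locations are a weaker, secondary signal.
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\[^\\]+\\Downloads)\\", re.IGNORECASE)


def parse_event(line):
    """Split one constructed event line into its three fields."""
    key, name, data = line.split("|", 2)
    return {"key": key, "name": name, "data": data}


def is_run_key(key):
    return bool(RUN_KEY_RE.search(key))


def mentions_vendor(event):
    return bool(VENDOR_RE.search(event["name"]) or VENDOR_RE.search(event["data"]))


def score_event(event):
    """Return a list of reasons the entry is suspicious; empty means benign."""
    reasons = []
    if is_run_key(event["key"]) and mentions_vendor(event):
        reasons.append("run-key value references Baidu")
        if USER_WRITABLE_RE.search(event["data"]):
            reasons.append("launches from a user-writable path")
    return reasons


def find_suspicious_autoruns(lines):
    """Parse every line and keep the entries that scored at least one reason."""
    hits = []
    for line in lines:
        event = parse_event(line)
        reasons = score_event(event)
        if reasons:
            hits.append({**event, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_autoruns(SAMPLE_EVENTS):
        print(hit["key"], hit["name"], hit["data"], "->", "; ".join(hit["reasons"]))
```

Run against real Sysmon or EDR registry events the same logic applies once the fields are mapped; the companion network signal is outbound ICMP or DNS for Baidu from hosts that have no business reason to reach it, which is cheap to baseline in proxy or firewall logs.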
Symantec advised organisations to ensure that staff are aware of the threat from phishing emails, and to keep software and systems up to date with the latest security patches.
The warning is just the latest in a long line of threats aimed at businesses. One new concern relates to crooks befriending people via LinkedIn to understand company structures and then sending legitimate-looking phishing emails.