Chinese Hacker Group Uses Dropbox for Malware Command and Control
NEWS ANALYSIS: The current malware threat isn't targeting U.S. interests now, but the hacker group could easily turn its attention in that direction as it has in the past.

The Chinese cyberthreat group known as "admin@338" has developed a new and potentially serious method of attacking enterprises using a resource that's probably already in use at your organization. The delivery system uses application programming interfaces (APIs) from Dropbox to hide the attackers' command-and-control traffic inside an encrypted service, where it blends in with legitimate use and is hard to spot. The research group at FireEye initially found the malware. As is the case with much malware these days, this attack starts out as a phishing attack using an infected Word document. When the recipient opens the document, the malware payload opens a session with the attacker's account on Dropbox. Once the session starts, the malware uploads a file containing basic information about the infected computer to the Dropbox account. The command-and-control system behind the Dropbox account then starts controlling the malware on the infected computer, perhaps searching for specific information or perhaps loading additional malware.
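The infection chain described above leaves a network footprint a defender can look for: Dropbox API traffic coming from a process that has no business talking to Dropbox (an Office application launched from a phishing document), and a small upload followed shortly by a download from the same process, which mirrors the beacon-then-fetch-commands pattern. The script below is an added example and is not code from the article or from FireEye. The log line layout, the host names such as ws-07 and the timestamps are constructed for this example; the Dropbox hostnames are the public Dropbox API endpoints; the list of sanctioned processes is an assumption that only the official desktop client should reach the API on a managed workstation.

```python
"""Flag Dropbox API use from unexpected processes and upload-then-download
sequences in endpoint/proxy logs. Log format is constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime

# Public Dropbox API hostnames (real endpoints, current v2 and legacy v1).
DROPBOX_API_HOSTS = {
    "api.dropboxapi.com",
    "content.dropboxapi.com",
    "notify.dropboxapi.com",
    "api.dropbox.com",          # legacy v1 hostname
    "api-content.dropbox.com",  # legacy v1 content hostname
}

# Assumption: on a managed workstation only the official desktop client
# is expected to speak to the Dropbox API. Compared case-insensitively.
ALLOWED_PROCESSES = {"dropbox.exe"}

# How close an upload and a following download must be to count as a beacon
# exchange (seconds). Tuning value, not taken from the article.
BEACON_WINDOW_SECONDS = 600

# Constructed log line layout:
# <ISO timestamp> host=<name> proc=<image> dst=<fqdn> method=<verb> path=<url-path> out=<bytes>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) out=(?P<out>\d+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["out"] = int(rec["out"])
    rec["proc"] = rec["proc"].lower()
    return rec


def detect(lines):
    """Return an ordered, de-duplicated list of (host, process, reason) alerts."""
    alerts = []
    last_upload = defaultdict(list)  # (host, proc) -> timestamps of uploads seen

    def add(alert):
        if alert not in alerts:
            alerts.append(alert)

    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dst"] not in DROPBOX_API_HOSTS:
            continue
        key = (rec["host"], rec["proc"])

        # Rule 1: any Dropbox API traffic from a non-sanctioned process.
        if rec["proc"] not in ALLOWED_PROCESSES:
            add((rec["host"], rec["proc"], "dropbox-api-from-unexpected-process"))

        # Rule 2: upload (host info beacon) followed soon by a download
        # (commands or second-stage payload) from the same process.
        if rec["path"].endswith("/files/upload"):
            last_upload[key].append(rec["ts"])
        elif rec["path"].endswith("/files/download") and last_upload[key]:
            delta = (rec["ts"] - last_upload[key][-1]).total_seconds()
            if 0 <= delta <= BEACON_WINDOW_SECONDS:
                add((rec["host"], rec["proc"], "upload-then-download-within-window"))
    return alerts


# Constructed sample log: one benign desktop-client poll, one suspicious
# Word-originated exchange, one unrelated browser request.
SAMPLE_LOG = [
    "2015-11-30T09:00:01 host=ws-12 proc=Dropbox.exe dst=notify.dropboxapi.com method=POST path=/2/files/list_folder/longpoll out=210",
    "2015-11-30T09:14:07 host=ws-07 proc=WINWORD.EXE dst=content.dropboxapi.com method=POST path=/2/files/upload out=3120",
    "2015-11-30T09:14:39 host=ws-07 proc=WINWORD.EXE dst=content.dropboxapi.com method=POST path=/2/files/download out=180",
    "2015-11-30T09:20:00 host=ws-07 proc=chrome.exe dst=www.example.com method=GET path=/ out=90",
]

if __name__ == "__main__":
    for host, proc, reason in detect(SAMPLE_LOG):
        print(f"{host} {proc}: {reason}")
```

Both rules are deliberately conservative: rule 1 alone is enough to surface the case in the article, while rule 2 catches the same beacon pattern even where the Dropbox client is installed and the malware injects into it, at the cost of a tunable window that will need adjusting against real traffic volumes.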
Right now this specific threat is aimed at media outlets located in Hong Kong in the wake of unrest in that former British colony. However, the admin@338 group primarily attacks Western interests and is likely to begin doing so again. Taking precautions now, in advance of any attack against U.S. targets, means you'll be ready when it happens here, as it certainly will eventually.