Military contractors targeted in Chinese attacks, says F-Secure

Attacks followed apparent China-based hacks targeting Google, other tech firms

The cyberattacks apparently originating in China that hit Google Inc. and more than 30 other companies late last year are now targeting some U.S. defense contractors, according to security vendor F-Secure Corp.

In a blog post this week, F-Secure Chief Research Officer Mikko Hypponen said the company has learned of instances in which U.S. defense contractors received e-mails containing a malicious PDF file last week. The PDF file was designed to look like an official U.S. Department of Defense document and discussed the Mission Planning User Conference, which is an actual event slated to take place in Las Vegas in March, he added.

A screen shot of the document pasted onto the F-Secure blog shows an authentic-looking Air Force memo titled "Memorandum for Mission Planning International Community."

When the PDF document is opened using Adobe Reader, hackers are able to exploit a previously disclosed vulnerability in the doc.media.newPlayer function of the reader to install a back door on the user's system, Hypponen said. The back door connects to an IP address located in Taiwan. "Anybody who controls that IP will gain access to the infected computer and the company network," Hypponen wrote.

The blog post did not say how many contractors were targeted with e-mails containing the poisoned PDF files, but Hypponen noted that these attacks took place more recently than the assaults on Google and others. "While the 'Aurora' attacks against Google and others happened in December 2009, this happened just last week," he wrote.

On the surface at least, the attacks described by F-Secure appear to be similar to attacks last month on government agencies in India, including the office of the country's national security adviser. Those attacks, which took place Dec. 15, were also said to originate in China and also involved malicious PDF files being e-mailed to targeted individuals.

News of the attacks against the contractors comes in the wake of Google's bombshell announcement last week that it had been victimized by targeted attacks that appeared to have originated in China.

Last week's attack on Google and more than 30 other technology companies prompted the U.S. State Department to say it will be lodging a formal complaint seeking an explanation from the Chinese government.

China itself has denied any involvement in the alleged cyberattacks and called itself a victim of such exploits.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, send e-mail to jvijayan@computerworld.com or subscribe to Jaikumar's RSS feed .

A look inside the Microsoft Local Administrator Password Solution
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies