Digital stakeout of Chinese hacker gang reveals 100+ victims

Crew behind 'Comfoo' RAT may have rooted through videoconferencing vendor for ways to watch confidential meetings in government, businesses


But one victim caught their attention.

While Stewart and Jackson declined to name any of the victims, they said one campaign had been aimed at a major videoconferencing software developer.

They speculated that the attackers were sniffing through that company's network for information on vulnerabilities in the software, which they could then exploit at other targets to put eyes and ears on confidential industry and government meetings. "They might be trying to leverage that access to spy on third parties," said Stewart.

In a report SecureWorks published last week on Comfoo, the company said that targeting audio and videoconferencing products was "unusual."

Other attacks may have had the same goal: Acquire inside information on everything from specialized security software to digital certificates for use in future campaigns.

SecureWorks' surveillance will also let security researchers better track the hacker gang, even though the cyber criminals have changed their malware tools since using Comfoo, and will undoubtedly do so again, said Jackson.

"It's safe to assume that they'll change their toolkits," Jackson said. "But as long as the key features match, we should be able to match them [in the future] with campaigns."

Hacker gangs, Jackson added, have personalities and quirks, and can be "fingerprinted" by closely analyzing not only the malware they use, but also how they organize the C&C infrastructure. "They all have patterns," Jackson said.

Although he wouldn't go into specifics, Jackson said that SecureWorks had already used the patterns found in the Comfoo campaigns to identify newer malware and attacks that the company believes are the work of the Beijing Group.

"As long as it's evolutionary rather than revolutionary, we should be able to spot them," Jackson said.
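The fingerprinting idea Jackson describes, matching a new campaign to an old one when the "key features" overlap even though the tooling has changed, can be illustrated with a small feature-overlap clustering routine. The code below is an added example and is not SecureWorks' method or code from the article; the campaign feature sets, the category names and the category weights are all constructed for the illustration (infrastructure and tradecraft habits are weighted above the tool name on the assumption that they change more slowly than the malware itself).

```python
from dataclasses import dataclass
from itertools import combinations

# Assumed category weights (not from the article): tooling is swapped often,
# C&C infrastructure habits and tradecraft change more slowly, so they count more.
WEIGHTS = {"tool": 1.0, "infra": 3.0, "tradecraft": 2.0}


@dataclass(frozen=True)
class Campaign:
    """A campaign summarised as a set of 'category:value' feature strings."""
    name: str
    features: frozenset


def weight(feature: str) -> float:
    """Look up the weight of a feature from its 'category:' prefix."""
    category = feature.split(":", 1)[0]
    return WEIGHTS.get(category, 1.0)


def weighted_jaccard(a: frozenset, b: frozenset) -> float:
    """Weighted Jaccard similarity: shared feature weight over total feature weight."""
    inter = sum(weight(f) for f in a & b)
    union = sum(weight(f) for f in a | b)
    return inter / union if union else 0.0


def cluster(campaigns, threshold: float = 0.5):
    """Group campaigns whose pairwise similarity meets the threshold (union-find)."""
    parent = {c.name: c.name for c in campaigns}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(campaigns, 2):
        if weighted_jaccard(a.features, b.features) >= threshold:
            parent[find(a.name)] = find(b.name)

    groups = {}
    for c in campaigns:
        groups.setdefault(find(c.name), []).append(c.name)
    return sorted(sorted(g) for g in groups.values())


# Constructed sample campaigns (illustrative only, not real observations).
COMFOO_2012 = Campaign("COMFOO_2012", frozenset({
    "tool:comfoo-rat",
    "infra:dynamic-dns-c2",
    "infra:shared-tls-cert",
    "tradecraft:spearphish-doc-lure",
    "tradecraft:hourly-beacon",
}))

# "Evolutionary" follow-on: the RAT is replaced, the habits are kept.
NEWER_2013 = Campaign("NEWER_2013", frozenset({
    "tool:new-rat-x",
    "infra:dynamic-dns-c2",
    "infra:shared-tls-cert",
    "tradecraft:spearphish-doc-lure",
    "tradecraft:hourly-beacon",
}))

# Unrelated actor with no overlapping habits.
UNRELATED = Campaign("UNRELATED", frozenset({
    "tool:other-rat",
    "infra:bulletproof-hosting",
    "tradecraft:watering-hole",
    "tradecraft:daily-beacon",
}))

CAMPAIGNS = [COMFOO_2012, NEWER_2013, UNRELATED]

if __name__ == "__main__":
    for a, b in combinations(CAMPAIGNS, 2):
        print(f"{a.name} vs {b.name}: {weighted_jaccard(a.features, b.features):.2f}")
    print("clusters:", cluster(CAMPAIGNS))
```

With these weights the tool swap between the two constructed campaigns costs only the two `tool:` features, so their similarity stays at 10/12 and they land in one cluster, while the unrelated set shares nothing and stays alone. A "revolutionary" rebuild that changed the infrastructure and tradecraft as well would drop the score toward zero, which is exactly the case the quoted caveat concedes would be missed.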

More information about the Comfoo surveillance can be found on SecureWorks' website.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is


Copyright © 2013 IDG Communications, Inc.
