http://killerapps.foreignpolicy.com/posts/2013/10/11/always_watching_how_chinese_hackers_combine_old_and_new_espionage_tactics
By John Reed
Foreign Policy
October 14, 2013
Kevin Mandia, CEO of the cybersecurity company Mandiant, takes a lot of
limo rides. Normally, his limo company emails him PDF copies of his
invoices after every trip. Recently, though, something changed.
"I've been receiving PDF invoices not from them, but from an [advanced
hacking] group back in China; that's awesome," said Mandia in D.C.
recently. He only caught the attack when the hackers sent receipts on days
when he hadn't used the car service. "I forwarded them to our security
service, and they said, 'Yup, that's got a [malicious] payload.'"
Emailing a malicious file from a fake or hijacked email account belonging
to the acquaintance of a hacker's target is a famous cyber-espionage
tactic called spearphishing.
Hackers often search Google or social media to find the names of their
target's friends and co-workers. They then create a fake email address in
the name of a friend or coworker and fire off carefully written emails
containing malware to their target.
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
