http://www.darkreading.com/vulnerabilities---threats/advanced-threats/franchising-the-chinese-apt/d/d-id/1315660
By Kelly Jackson Higgins
Dark Reading
9/11/2014

Two Chinese cyber espionage gangs known for targeting very different
industries and working out of different regions of the nation actually use
some of the same or similar tactics, tools, and resources in their spying
operations, researchers found.

Such collaboration and resource sharing has not typically been the MO
among Chinese cyber espionage groups, and this could indicate an evolution
in the nation's cyberspying operations toward more organized, streamlined,
and cooperative operations, according to FireEye, which studied the inner
workings of the groups.

"They use similar malware implants, backend infrastructure, and similar
social engineering techniques. But they are distinct based on their
mission focus and locations," says Thoufique Haq, senior research
scientist at FireEye. "It's quite possible they are subgroups with their
own mission focus."

The so-called Moafee gang, which targets military and government entities
such as the US defense industry, and the DragonOK gang, which targets
high-tech and manufacturing companies in Japan and Taiwan, operate out of
different regions in China and constitute separate groups, researchers
say. Moafee appears to operate out of Guangdong Province, and DragonOK
appears to operate out of Jiangsu Province.

[...]