
Chinese malware targeted US drone secrets, security firm alleges

'Beebus' campaign took big interest in small UAV companies


A series of highly-targeted malware attacks detected a year ago are almost certainly part of a longstanding and determined Chinese campaign to steal industrial secrets from US companies working in the field of UAVs (Unmanned Aerial Vehicles), security firm FireEye has claimed.

The idea that the Chinese state or its helpers might be conducting mass digital raids on US companies is no longer as contentious or extraordinary as it would once have seemed, which is just as well because ‘Operation Beebus’ (named after a domain used in early attacks) looks like an open and shut case.

The attacks themselves used incredibly basic spear phishing designs in which malicious or ‘weaponised’ PDFs were mailed to named targets, which on PCs vulnerable to one or more common software flaws were able to prise open Trojan backdoors.

FireEye noticed the attacks on some of its customers in the aerospace and defence sectors last March, and has logged successive waves of the malicious PDFs turning up at regular intervals since then.

The evidence for Chinese involvement in Beebus was compelling, starting with the not inconsiderable fact that it appeared to reuse, or have in common, some of the command and control (C&C) infrastructure connected to an infamous APT (Advanced Persistent Threat) attack on RSA’s SecurID token system in 2011, later traced to the country by official sources.

The Beebus attackers also used a TTP (tools, techniques, and procedures) identical to one seen in the RSA hack, that of obfuscated/encrypted HTML, labelled by US intelligence as the handiwork of the Chinese ‘Byzantine Candour’ group, FireEye said.

“We have enough evidence that points heavily in that direction,” said FireEye senior staff scientist Darien Kindlund of the Chinese connection. “We knew this was being done on behalf of a nation state,” he said.

In total the C&C had reached 214 servers with 60 unique IP addresses, a large investment in time and effort.

Despite being unsophisticated, “we believe the attack was largely successful.”

All of the targeted firms were in defence and aerospace with an unusual focus on those in the supply chain involved in UAV and other robotic aircraft.

A spreadsheet seen by Techworld, noting the nature of the attacks, recorded 261 separate attacks on FireEye customers in 2012, 123 of which were on UAV or UAS (Unmanned Aerial Systems) vendors.

According to the company, the attackers used the simplest attack design to get the job done, changing malware and subject lines only as often as they had to. This suggested that the organisation launching the attacks probably saw its work in a commercial rather than political light.

Last week, two US newspapers alleged cyberattacks by Chinese actors on their journalists as part of a campaign to monitor emails. Meanwhile, reports of similar targeted attacks on large US companies have become routine.

Some in the US are still reluctant to openly blame China but they are gradually retreating into the minority as even prominent figures such as Eric Schmidt of Google raise the issue more openly.
