Search in HRJ Tricks

Related Posts Plugin for WordPress, Blogger...

Friday, February 8, 2013

Chinese malware campaign 'Beebus' target US defense industries

Operation Beebus
A Chinese malware campaign called 'Beebus' specifically targeting the aerospace and defense industries has been uncovered by FireEye security researchers. Beebus is designed to steal information, and begins its infiltration, as so many attacks do, with spear-phishing emails...

Operation Beebus very related to Operation Shady RAT and was first detected in April 2011. The attacks carried out by spear phishing attack and drive-by downloads as a means of infecting end users. malicious Whitepapers or PDFs were mailed to targets and by using known flaws, malware was able install Trojan backdoors on vulnerable systems. The malware communicates with a remote command and control (CnC) server.

FireEye discovered the attacks on some of its customers in the aerospace and defence last March and the Vulnerability in the Windows OS known as DLL search order hijacking was used to drops a DLL called ntshrui.DLL in the C:\Windows directory. 

It has modules to capture system information like processor, disk, memory, OS, process ID, process start time and current user information and another module to download and execute additional payloads and updates.

The original PDF was modified using the Ghostscript tool for making weaponized PDF. Researchers believes that Beebus is a Chinese campaign because of its similarities to Operation Shady RAT.

The Beebus attackers also used a TTP (tools, techniques, and procedures) identical to the RSA hack. Researchers believe that to group called "Comment Group" or "Comment Team," associated with the Chinese government is behind the Operation Beebus campaign.


  1. I loved as much as you will receive carried out right
    here. The sketch is tasteful, your authored material stylish.
    nonetheless, you command get bought an impatience over that you wish
    be delivering the following. unwell unquestionably come further formerly again since exactly
    the same nearly very often inside case you shield this hike.

    My blog post; phone psychic readings
    Also visit my site ; psychic advisors

  2. Do you have any video of that? I'd care to find out some additional information.

    my website :: 90 day payday loans