New York Times Hackers Back With Smarter Malware

The alleged hackers behind the much-publicised hit on the New York Times have been spotted using more sophisticated malware to ensnare more targets.

FireEye said the attackers, whom some say the Chinese government sponsored, had hit an unnamed economic policy organisation. This is the first major move from the hacking group since the attacks on the New York Times in January.

New York Times attackers return

Since May, they have been using updated versions of the Aumlib and Ixeshe malware, which encode more of their command-and-control communications and use new network traffic patterns to cover their tracks.

Such subtle changes may be enough to avoid intrusion detection systems looking out for older versions of the malware.
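The point above, that a re-encoded command-and-control channel slips past a detector keyed on the old payload bytes, is easiest to see with two checks side by side. The following is an added illustration, not code from the article or from FireEye: it uses constructed proxy-style records (timestamps, source, destination, request body) rather than any real Aumlib or Ixeshe traffic, a hypothetical byte signature `STATUS=`, and plain base64 standing in for the changed encoding. A signature check catches only the old body; a behavioural check on beacon regularity (coefficient of variation of the gaps between requests) flags both variants and ignores the irregular benign browsing, because it never looks at the payload at all.

```python
import base64
from collections import defaultdict
from statistics import mean, pstdev

# --- Constructed sample data (not real Aumlib/Ixeshe traffic) ---------------
# Each record: (timestamp_seconds, source_host, destination, request_body_bytes)
BASE = 1_700_000_000
PLAIN_BODY = b"STATUS=OK;ID=1234"           # hypothetical "old variant" body
ENCODED_BODY = base64.b64encode(PLAIN_BODY)  # same content, new encoding

# Old variant: beacons every ~600 s with the plain body (jitter is constructed)
OLD_VARIANT = [
    (BASE + i * 600 + jitter, "10.0.0.5", "203.0.113.10", PLAIN_BODY)
    for i, jitter in enumerate([0, 3, -2, 4, -1, 2])
]
# Updated variant: identical beaconing behaviour, but the body is re-encoded
NEW_VARIANT = [
    (BASE + i * 600 + jitter, "10.0.0.7", "198.51.100.20", ENCODED_BODY)
    for i, jitter in enumerate([0, -4, 1, 3, -3, 2])
]
# Benign browsing: irregular gaps, unrelated content
BENIGN = [
    (BASE + t, "10.0.0.9", "192.0.2.30", b"GET /news")
    for t in [0, 45, 900, 1100, 5000, 5030]
]
ALL_RECORDS = OLD_VARIANT + NEW_VARIANT + BENIGN

# Hypothetical byte signature written against the old encoding
SIGNATURE = b"STATUS="


def signature_hits(records, signature=SIGNATURE):
    """Return the (src, dst) pairs whose request body contains the signature."""
    return sorted({(src, dst) for _, src, dst, body in records if signature in body})


def periodic_flows(records, min_events=5, max_cv=0.05):
    """Flag (src, dst) pairs whose inter-request intervals are nearly constant.

    Uses the coefficient of variation (population std dev / mean) of the gaps
    between consecutive requests. A small value means machine-like beaconing,
    independent of how the request body happens to be encoded.
    """
    by_flow = defaultdict(list)
    for ts, src, dst, _ in records:
        by_flow[(src, dst)].append(ts)

    flagged = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_events:
            continue  # too few observations to judge regularity
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        cv = pstdev(gaps) / mean(gaps)
        if cv <= max_cv:
            flagged[flow] = round(cv, 4)
    return flagged


if __name__ == "__main__":
    print("signature hits :", signature_hits(ALL_RECORDS))
    print("periodic flows :", periodic_flows(ALL_RECORDS))
```

Running it shows the signature matching only the `10.0.0.5` flow, while the periodicity check reports both beaconing hosts with a coefficient of variation under one percent and leaves the browsing host alone. The threshold and minimum event count are tuning knobs; in a real deployment they would be set from a baseline of the organisation's own traffic, and the check would run alongside signatures rather than replace them.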

“The updates are significant for both of the longstanding malware families; before this year, Aumlib had not changed since at least May 2011, and Ixeshe had not evolved since at least December 2011,” FireEye researchers Ned Moran and Nart Villeneuve said in a blog post.

“We cannot say for sure whether the attackers were responding to the scrutiny they received in the wake of the episode.

“But we do know the change was sudden. Akin to turning a battleship, retooling TTPs [techniques, tactics, or procedures] of large threat actors is formidable. Such a move requires recoding malware, updating infrastructure, and possibly retraining workers on new processes.”

It is not rare for hacking groups to retool after public exposure. In May, it was claimed the Unit 61398 group, based out of Shanghai and allegedly sponsored by the Chinese government, had returned to attack fresh US targets. It is not believed that same group, also known as the Comment Crew, was responsible for the attack on the New York Times.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
