
Chinese malware campaign 'Beebus' targets US defense industries

A Chinese malware campaign called 'Beebus' specifically targeting the aerospace and defense industries has been uncovered by FireEye security researchers. Beebus is designed to steal information, and begins its infiltration, as so many attacks do, with spear-phishing emails.

Operation Beebus is closely related to Operation Shady RAT and was first detected in April 2011. The attacks were carried out through spear phishing and drive-by downloads as a means of infecting end users. Malicious whitepapers or PDFs were mailed to targets, and by exploiting known flaws, the malware was able to install Trojan backdoors on vulnerable systems. The malware communicates with a remote command and control (CnC) server.


FireEye discovered the attacks on some of its customers in the aerospace and defence industries last March. A vulnerability in the Windows OS known as DLL search order hijacking was used to drop a DLL called ntshrui.DLL in the C:\Windows directory.
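A defender can hunt for this kind of planted DLL by looking for files in C:\Windows that share a name with a DLL in C:\Windows\System32, where the legitimate ntshrui.dll lives. The following is an added example, not code from FireEye or the article; the function name and the file listing are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed sample file listing (not from the article), standing in for
# an EDR or triage export of file paths from one host.
SAMPLE_LISTING = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\ntshrui.dll",            # same name as a System32 DLL
    r"C:\Windows\System32\ntshrui.dll",   # legitimate location
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\twain_32.dll",           # no System32 twin in this listing
    r"C:\Windows\System32\shell32.dll",
    r"C:\WINDOWS\SHELL32.DLL",            # case differs, still a shadow
]


def find_shadowing_dlls(paths, app_dir=r"C:\Windows",
                        system_dir=r"C:\Windows\System32"):
    """Return DLL paths directly in app_dir whose file name also exists
    in system_dir. Programs started from app_dir search their own
    directory first, so such a file can be loaded instead of the system
    copy (hypothetical helper, added for illustration)."""
    app = PureWindowsPath(app_dir)
    system = PureWindowsPath(system_dir)
    system_names = set()
    candidates = []
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.suffix.lower() != ".dll":
            continue
        # PureWindowsPath equality is case-insensitive, like NTFS lookups.
        if p.parent == system:
            system_names.add(p.name.lower())
        elif p.parent == app:
            candidates.append(p)
    return sorted(str(p) for p in candidates
                  if p.name.lower() in system_names)


if __name__ == "__main__":
    for hit in find_shadowing_dlls(SAMPLE_LISTING):
        print("review:", hit)
```

A hit is a lead to verify against the file's signature and hash, not proof of compromise on its own.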

It has modules to capture system information such as processor, disk, memory, OS, process ID, process start time and current user information, and another module to download and execute additional payloads and updates.

The original PDF was modified using the Ghostscript tool to make a weaponized PDF. Researchers believe that Beebus is a Chinese campaign because of its similarities to Operation Shady RAT.

The Beebus attackers also used a TTP (tools, techniques, and procedures) identical to that of the RSA hack. Researchers believe that a group called "Comment Group" or "Comment Team," associated with the Chinese government, is behind the Operation Beebus campaign.
