New York Times Hackers Back With Smarter Malware

The alleged hackers behind the much-publicised hit on the New York Times have been spotted using more sophisticated malware to ensnare more targets.

FireEye said the attackers, whom some say the Chinese government sponsored, had hit an unnamed economic policy organisation. This is the first major move from the hacking group since the attacks on the New York Times in January.

New York Times attackers return

Since May, they have been using updated versions of the Aumlib and Ixeshe malware, with more encoding of command and control communications and new network traffic patterns to cover their tracks.

Such subtle changes may be enough to evade intrusion detection systems that look for older versions of the malware.

“The updates are significant for both of the longstanding malware families; before this year, Aumlib had not changed since at least May 2011, and Ixeshe had not evolved since at least December 2011,” FireEye researchers Ned Moran and Nart Villeneuve said in a blog post.

“We cannot say for sure whether the attackers were responding to the scrutiny they received in the wake of the episode.

“But we do know the change was sudden. Akin to turning a battleship, retooling TTPs [techniques, tactics, or procedures] of large threat actors is formidable. Such a move requires recoding malware, updating infrastructure, and possibly retraining workers on new processes.”

It is not rare for hacking groups to retool after public exposure. In May, it was claimed the Unit 61398 group, based out of Shanghai and allegedly sponsored by the Chinese government, had returned to attack fresh US targets. It is not believed that the same group, also known as the Comment Crew, was responsible for the attack on the New York Times.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
