Suspected Chinese hackers have systematically targeted diplomats working within foreign ministries in European countries, reports Nicole Perlroth of The New York Times.
The hackers were hoping to find out how those ministers viewed the U.S. ahead of a key 2011 G20 finance meeting in Paris, according to a FireEye report Perlroth read.
What’s interesting, though, is yet again the hackers used target-specific spear phishing attacks to breach the diplomats’ computers:
The attackers sent their targets emails with a link that claimed to contain naked photos of Carla Bruni-Sarkozy, wife of former President Nicolas Sarkozy of France. Once clicked, attackers were able to gain a foothold into their targets’ computer networks, though investigators said they were unable to see which files the attackers had taken.
Needless to say, the diplomats took the bait.
Whether they made good on their promise or not, the hackers were able surreptitiously to steal information from infected computers.
Spear phishing attacks usually come in the form of an official-looking email that contains a link. The link directs the user to a website containing malware, or the link itself contains an auto-exec file which deploys malware the moment the user clicks.
They are the most commonly used and researched form of security breach companies and governments have to mitigate. Spearphishing is user activated and so requires no expensive or risky use of software backdoors or brute force attacks.
Often, upon closer inspection of the email address, users can usually identify that the sender is an imposter.