Hackers turn China security report into Trojans


Summary: Hackers create malicious versions of a report released by Mandiant which linked cyberattacks to the Chinese army, but the IT security vendor says its system is not breached.

TOPICS: Security, China

Hackers have embedded viruses into a security report which linked the Chinese army to cyberattacks on U.S. companies, infecting computers that download digital versions of the 60-page report. 

An e-mail with the malware-infected version of the Mandiant report attached. (Source: Symantec)

When downloaded, the tainted versions would allow hackers to remotely control infected computers after users attempted to read the report, which was released last week by U.S. IT security vendor Mandiant.

A blog post by Symantec said hackers used the report as "bait", embedding malware called Trojan.Pidief into fake reports which displayed a blank PDF document when opened. Unbeknownst to users, the tainted report would trigger exploit code for the Adobe Acrobat and Reader Remote Code Execution Vulnerability.

Symantec highlighted an e-mail in Japanese, purporting to be from someone in the media industry, which contained a PDF attachment of the fake Mandiant report.

In its report, Mandiant pointed to a 12-storey building in Shanghai, China, which it claimed was operated by a government-sponsored online espionage group. Known as APT1, the hacker group had targeted U.S. businesses and government organizations, the security vendor said, noting that the high number of APT1 IP addresses "betrays the true location and language of the operators".

The Chinese Ministry of Defence had refuted the claims and called out the report for lacking any technical basis to conclude that the source of the attacks was China.



Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently a freelance blogger and content specialist based in Singapore, she has over 16 years of industry experience with various publications including ZDNet, IDG, and Singapore Press Holdings.



1 comment
  • Imagine that

    I suppose it could be mere opportunism, but it wouldn't surprise me greatly if China's team of patriotic hackers is "teaching Mandiant a lesson".
    John L. Ries