Chinese cyberspies and hackers are using cloud-based storage service Dropbox and blogging platform WordPress to spread malware, a tech site reported over the weekend.
The “DNSCalc gang” has been using the Dropbox file-sharing service for about 12 months, PC World quoted Cyber Squared chief intelligence officer Rich Barger as saying.
“I wouldn’t say it’s new. It’s just something that folks aren’t really looking at or paying attention to,” it quoted Barger as saying last Thursday.
Barger added that hackers appeared to prefer Dropbox because employees of many companies use the service. “People trust Dropbox,” he said.
For its attacks, DNSCalc opened accounts on Dropbox and WordPress and used their services, instead of exploiting vulnerabilities in the two online services.
PC World said the “DNSCalc gang” was among some 20 groups linked by security firm Mandiant to cyberattacks seeking information.
DNSCalc was going after intelligence on individuals or governments connected to the Association of Southeast Asian Nations.
In the course of its attacks, the gang uploaded to Dropbox a ZIP file claiming to belong to the US-ASEAN Business Council.
The gang would send messages to recipients who would likely be interested in the draft of a Council policy paper.
Hidden in the ZIP file were a PDF of the document and malware that opened a backdoor to the infected computer.
Once the backdoor was open, the malware would retrieve a WordPress blog created by the gang, which led to a command-and-control server.
Barger said the best prevention is for security experts to share information so they can improve their defenses. — TJD, GMA News