Military contractors now targeted by Chinese cyber attacks, says F-Secure

The attacks on U.S. defense contractors followed apparent China-based hacks targeting Google and other tech firms

The targeted cyber attacks apparently originating in China that hit Google and more than 30 other companies late last year are now targeting some U.S. defense contractors, according to security vendor F-Secure.

In a blog post this week, F-Secure Chief Research Officer Mikko Hypponen said the company has learned of instances where malicious PDF files were e-mailed to U.S. defense contractors last week. The PDF file was designed to look like an official Department of Defense document and contained information about a real Mission Planning User Conference to be held in Las Vegas in March, he added.


A screen shot of the document posted on the F-Secure blog shows a very authentic-looking written Air Force memorandum for the Mission Planning International Community.

Opening the PDF document using Adobe Reader allows hackers to exploit a previously disclosed vulnerability in the function of the reader to install a backdoor on the user's system, Hypponen said. The backdoor connects to an IP address located in Taiwan. "Anybody who controls that IP will gain access to the infected computer and the company network," Hypponen wrote.

The blog post did not say how many contractors were targeted with e-mails containing the poisoned PDF files, but noted that they were more recent than the attacks on Google and others. "While the 'Aurora' attacks against Google and others happened in December 2009, this happened just last week," he wrote.

On the surface at least, the attacks described by F-Secure appear to be similar to attacks last month on Indian government agencies and the country's National Security Advisor that were also said to originate in China. The Dec. 15 attacks also involved corrupted PDF files being e-mailed to targeted individuals within these organizations.

News of the attacks against the contractors comes in the wake of Google's bombshell announcement last week that it had been victimized by targeted attacks that appeared to have originated in China.

The attack on Google -- and more than 30 other technology companies -- last week prompted the U.S. State Department to say it will be lodging a formal complaint seeking an explanation from the Chinese government.

China itself meanwhile has denied any involvement in the alleged cyber attacks and called itself a victim of such hackers.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.

This story, "Military contractors now targeted by Chinese cyber attacks, says F-Secure" was originally published by Computerworld.


Copyright © 2010 IDG Communications, Inc.