Risk
2/20/2011
03:32 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Hacks From China Strike Canadian Government

CBC is reporting that attacks from IP addresses based in China have managed to successfully breach networks within the Finance and the Treasury Board of Canada, as well as Defence Research and Development Canada. The attack is the latest in a string of attacks aimed at high level government agencies.

CBC is reporting that attacks from IP addresses based in China have managed to successfully breach networks within the Finance and the Treasury Board of Canada, as well as Defence Research and Development Canada. The attack is the latest in a string of attacks aimed at high level government agencies.From the CBC:

An unprecedented cyberattack on the Canadian government also targeted Defence Research and Development Canada, making it the third key department compromised by hackers, CBC News has learned.

The attack, apparently from China, also gave foreign hackers access to highly classified federal information and also forced the Finance Department and Treasury Board - the federal government's two main economic nerve centres - off the internet.

So how did they get in?

The CBC reports that it was a standard spear-phishing attack, just as we've seen with the Aurora attacks against Google and many other high-profile companies in the U.S. According to the report, attackers gained access to systems by pretending to be federal executives. Under that pretense, they approached technical workers who provided the passwords needed to gain access to sensitive networks.

At the same time, reports indicate, the attackers sent staff members e-mails with attachments laced with malware designed to infiltrate systems further.

This is the latest in what has become a serial of attacks on Western interests that appear to be stemming from China. Including the Aurora attacks, attacks on the U.S. government, as well as recently reported attacks on energy firms.

For my security and technology observations throughout the day, find me on Twitter as @georgevhulme.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2184
Published: 2015-03-27
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.

CVE-2014-3619
Published: 2015-03-27
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.

CVE-2014-8121
Published: 2015-03-27
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over...

CVE-2014-9712
Published: 2015-03-27
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allows remote administrators to read arbitrary files and obtain passwords via a crafted path.

CVE-2015-2157
Published: 2015-03-27
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.