Chinese hackers secretly use Microsoft TechNet for malware assault

APT17 at it again

Hackers strike

Chinese hackers have been using Microsoft's TechNet website to hide the control infrastructure for malware used in attacks on a wide range of targets.

Web security firm FireEye reports that the APT (advanced persistent threat) 17 group has been hiding encoded domain names in the comments section of the forum on the popular Microsoft technical documentation site.

The group created accounts to leave the comments. When a computer infected with APT17's malware visited one of those pages, it decoded the hidden domain name and contacted it; that domain then redirected the machine to a command-and-control server run by APT17.
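The technique described above is a "dead drop resolver": the malware never carries its command-and-control address, it reads an encoded string from a public page and decodes it at run time. The following added example (not code from the article, FireEye or Microsoft) shows the analyst's side of that: scanning a batch of forum comment bodies for tokens that decode to a hostname. The comments, the delimiter tags and the base64 encoding are constructed for this demo; the encoding and markers APT17 actually used are not stated in the article and are not reproduced here.

```python
import base64
import binascii
import re

# Constructed forum comments for the demo; none are real TechNet posts.
# The second one carries a base64 token framed by made-up @@DROP@@/@@END@@ tags,
# the way a dead-drop comment would frame a hidden address for the malware to find.
SAMPLE_COMMENTS = [
    "Thanks, the PowerShell snippet above fixed my issue with Get-ADUser.",
    "Great article! @@DROP@@ YzItc2VydmVyLmV4YW1wbGU= @@END@@ keep it up",
    "Is there a way to do this on Server 2008 R2? SGVsbG8gd29ybGQ=",
]

# A plausible hostname: dotted labels of [a-z0-9-], a 2-63 letter TLD, sane total length.
DOMAIN_RE = re.compile(r"^(?=.{4,253}$)([a-z0-9-]+\.)+[a-z]{2,63}$")
# Runs of base64 alphabet long enough to hold a short hostname, with optional padding.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")


def decode_candidate(token: str):
    """Return the decoded text if `token` is strict base64 that yields an
    ASCII hostname, otherwise None. Ordinary English words of 8+ letters
    fail either the padding check or the hostname check, which keeps noise down."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    text = text.lower()
    return text if DOMAIN_RE.match(text) else None


def find_hidden_domains(comments):
    """Scan comment bodies and return (comment_index, token, decoded_domain)
    tuples for every base64 token that decodes to a hostname. The output is a
    review queue for an analyst, not a verdict: a benign post can contain base64."""
    hits = []
    for idx, body in enumerate(comments):
        for token in TOKEN_RE.findall(body):
            domain = decode_candidate(token)
            if domain:
                hits.append((idx, token, domain))
    return hits


if __name__ == "__main__":
    for idx, token, domain in find_hidden_domains(SAMPLE_COMMENTS):
        print(f"comment {idx}: token {token!r} decodes to hostname {domain!r}")
```

Running the block flags only the second comment and decodes it to the constructed hostname `c2-server.example`; the base64 in the third comment decodes to plain text and is ignored. The same scan is useful on the network side: a proxy log showing an endpoint fetch a forum page and then resolve a domain that appears nowhere else in the organisation is the behavioural signal this hiding place leaves behind, whatever encoding the comment used.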

"Given its effectiveness, we anticipate that this encoding and obfuscation will become a truly pervasive tactic adopted by threat actors around the world. However, by working closely with companies like Microsoft and targeted organisations to develop threat intelligence, we can assist security professionals and disrupt these activities," said Laura Galante, manager of threat intelligence at FireEye.

Other forums could be targeted

FireEye went on to explain that APT17 could easily apply the same tactic to other forums and message boards, and that TechNet itself was not compromised: the attackers only posted comments, as any registered user could.

Historically, APT17 has targeted US government entities, international non-governmental organisations and private companies across the globe, especially those in the defence industry, law firms, information technology firms and mining companies.
