Malaysian flight MH370 tragedy abused by Chinese hackers for Espionage attacks
The mysterious Malaysian Airlines flight MH370,
a Boeing 777-200 aircraft, went missing while flying
from Kuala Lumpur to Beijing. The Malaysian Prime Minister has also
confirmed that the Malaysia Airlines plane crashed in a remote part
of the southern Indian Ocean.
Cyber criminals are known to take advantage of major news stories or
events where there is a high level of public interest, and now scammers
are also targeting the MH370 tragedy to trap innocent Internet users.
Just a few days ago we warned you about a Facebook malware campaign that claimed the missing Malaysian Airlines 'MH370 has been spotted in the Bermuda Triangle' with its passengers still alive and invited users to click a link to view breaking news video footage.
This week, security researchers at FireEye revealed various ongoing spear phishing and malware attacks by some advanced persistent threat (APT) attackers.
According to the researchers, the Chinese hacking group called 'admin@338', which specializes in cyber espionage attacks, sent multiple MH370-themed spear phishing emails to government officials in Asia-Pacific, with an attachment referring to the missing Malaysian flight MH370.
The attachment file was actually merged with Poison Ivy RAT (remote access tool) and WinHTTPHelper malware to hijack the computer systems of government officials.
The Chinese hacking group also initiated another attack against a US-based
think tank on 14th March. A malicious attachment named
“Malaysian Airlines MH370 5m Video.exe” was delivered via spear phishing emails. The malicious attachment pretended to be a Flash video related to the missing plane and used a 'Flash' icon for the executable file.
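A mail-gateway style check for the lure described above, an executable attachment named to look like a video. This is an added example, not code from FireEye or the original article; the extension list, lure-word list, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Words that make a file name read as media or a document (assumed list).
LURE_WORDS = {"video", "movie", "photo", "image", "report", "document", "pdf", "flash"}

def audit_attachments(raw: bytes) -> list[dict]:
    """Return one finding per attachment that is, or contains, an executable."""
    msg = email.message_from_bytes(raw)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers have no file name
        payload = part.get_payload(decode=True) or b""
        reasons = []
        ext = PurePosixPath(name.lower()).suffix
        if ext in EXEC_EXT:
            reasons.append("executable extension " + ext)
        # Windows PE files start with "MZ", whatever the declared MIME type says.
        if payload[:2] == b"MZ":
            reasons.append("PE/MZ header in content")
        words = set(name.lower().replace(".", " ").split())
        if reasons and words & LURE_WORDS:
            reasons.append("name poses as media/document")
        if reasons:
            findings.append({"file": name, "reasons": reasons})
    return findings

def build_sample(filename: str, content: bytes, maintype: str, subtype: str) -> bytes:
    """Constructed test message; the payload is inert bytes, not real malware."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "analyst@example.org"
    m["Subject"] = "MH370 update"
    m.set_content("See attached.")
    m.add_attachment(content, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    lure = build_sample("Malaysian Airlines MH370 5m Video.exe",
                        b"MZ" + b"\x00" * 62, "video", "x-flv")
    for f in audit_attachments(lure):
        print(f["file"], "->", "; ".join(f["reasons"]))
```

The check looks at the file name and the first bytes of the content, so the 'Flash' icon and the declared MIME type do not affect the result.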
"In addition to the above activity attributed to the Admin@338 group,
a number of other malicious documents abusing the missing Flight 370
story were also seen in the wild," researchers said.
More technical details and various attacks are explained on the FireEye blog. If
you receive an email or any message on social media websites claiming
to have information or news on Malaysian Airlines Flight MH370, do not
click on any links or attachments.
Source: Thehackernews