Chinese hackers used tools leaked after attack on Italian cybersecurity firm Hacking Team

PUBLISHED: Tuesday, 14 July, 2015, 1:01am
UPDATED: Monday, 20 July, 2015, 11:39am

Two major hacking groups linked to China are believed to have used exploits revealed in the wake of a recent attack on Italian cybersecurity firm Hacking Team.

Sectors targeted in their attacks included aerospace and defence, energy, telecommunications and healthcare, cyber experts said. 

They appear to have used tools that were made public after unknown attackers stole 400 gigabytes of data last week from Hacking Team, which specialises in selling surveillance software to law enforcement and intelligence agencies around the world.


The company was named an "enemy of the internet" in 2012 by Reporters Without Borders for providing surveillance and hacking tools to regimes such as Sudan and Egypt that are accused of serious human rights abuses.

The stolen data was posted online, where it was pored over by cybersecurity experts.

Cyber criminals also appear to have taken advantage of the vulnerabilities that were exposed, especially the zero-day exploits that Hacking Team had stockpiled and which were subsequently leaked.

Zero-day vulnerabilities are flaws in software that are unknown even to the software's makers, so no fix yet exists and they are all but impossible to guard against.

Cybersecurity firm FireEye said that two Chinese hacking groups it monitors have been spotted using Hacking Team's zero-day exploits to subvert the widely used Adobe Flash Player software. It said the two teams were not believed to be working together.

"Zero-day exploits are extremely valuable to attack groups," Bryce Boland, FireEye's chief technology officer for Asia Pacific, told the South China Morning Post.

"When we discover attackers using unknown exploits, we work with technology vendors to get them addressed quickly."

He said Hacking Team was playing with fire by stockpiling such exploits in the first place.

"By design, stockpiling exploits maintains a vulnerable status quo. [It] also introduces a new risk that the exploits could be stolen and used by others," he said. 

The Flash exploit was apparently sold to the company by an anonymous Russian hacker for US$45,000, according to an email included in the leaks.

Adobe was quick to issue a patch once it became aware of the flaw, but not before the two groups were able to launch their attacks, Boland said.

On Sunday, Hacking Team chief executive David Vincenzetti admitted to Italy's La Stampa newspaper that the leaked exploits and software could be used by "terrorists [and] extortionists". 

"Sufficient code was released to permit anyone to deploy the software against any target of their choice," he said. 

Boland said a risk remains because, even if vendors release updates that patch the flaws revealed this week, many users will continue to run older, unpatched versions of the software.