Hong Kong news site, political party in Taiwan hit by tools leaked in attack on Hacking Team

PUBLISHED : Wednesday, 29 July, 2015, 4:11pm
UPDATED : Wednesday, 29 July, 2015, 4:11pm

A popular news site in Hong Kong and a political party in Taiwan have become the latest victims of the recent attack on cybersecurity firm Hacking Team.

A number of websites in the two territories have been compromised using tools developed by the Italian company, according to security experts..

The tools were leaked when the company’s servers were taken down earlier this month. The attackers, whose identities remain unknown, leaked 400 gigabytes of files including exploits and hacking tools.

Hacking Team uses these to sell its bespoke cyber surveillance packages to governments, including some blasted for human rights abuses. 

According to US anti-virus maker Trend Micro, the leaked tools were quickly taken advantage of by cyber criminals, who began a three-pronged campaign against websites in Hong Kong and Taiwan "as early as July 9”, the company said. 

The attack on Hacking Team happened just a few days earlier.

Hackers targeted sites with pre-existing vulnerabilities, and used them to deliver exploits found in the popular Adobe Flash software. If a visitor to any of the targeted websites downloaded the exploit, the hackers could access their computer and hijack it with more sophisticated tools to gain full control. 

"The actors compromised the sites of a local television network, educational organisations, a religious institute, and a known political party in Taiwan; and a popular news site in Hong Kong," Trend Micro fraud researcher Joseph Chen said.

Chen said Trend Micro had notified the affected websites, which he did not name.

However, as of Wednesday morning (Hong Kong time), at least three "remain compromised", he said. 

This is not the first time leaked Hacking Team tools have been used by cyber criminals. 

Cybersecurity firm FireEye said that two Chinese hacking groups it monitors began using Hacking Team exploits almost immediately in the wake of the initial attack. 

It warned that, while Adobe and other firms made vulnerable by the leaked data have released patches for their compromised software, weaknesses still remain, as many users do not update regularly.