FireEye and Microsoft have moved against Chinese hackers who were abusing the TechNet forum to hide the command-and-control infrastructure of their malware.
According to a new report released by cybersecurity firm FireEye, in late 2014 FireEye Threat Intelligence and the Microsoft Threat Intelligence Center discovered encoded command-and-control (C&C) information hidden within Microsoft's TechNet web portal. A Chinese group dubbed APT17, also known as Deputy Dog, used the TechNet forum to host its encoded C&C addresses: an infected machine first fetched a page on a legitimate Microsoft site and only then connected to the real attack infrastructure, making it more difficult for security professionals to locate the true source of that infrastructure.
The researchers say Deputy Dog created profiles and posts on TechNet that embedded the encoded C&C addresses for use by a variant of the BLACKCOFFEE malware, a backdoor used in cyberespionage campaigns.
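The technique described above is usually called a dead-drop resolver: the implant carries no C&C address at all, only the location of a public page and the rule for pulling the address out of it, so the operator can repoint every infected host by editing a forum post. The following Python is an added illustration of that pattern and is not code from the page, from FireEye's report, or from BLACKCOFFEE itself; the marker strings, the hex encoding of the IP address and port, and the sample forum post are all constructed for this example and are not the strings APT17 actually used.

```python
"""Dead-drop resolver: pull an encoded C&C address out of a public web page.

Added example, not BLACKCOFFEE's real logic. The markers and the encoding
scheme below are assumptions made for illustration only.
"""
import ipaddress
import re

# Assumed delimiters that bracket the encoded address inside an otherwise
# innocuous profile biography or forum post (hypothetical, not APT17's).
START_MARKER = "@SAMPLE_START"
END_MARKER = "SAMPLE_END"

# Assumed encoding: 8 hex digits for the IPv4 address, a colon, then the
# port in hex. Chosen so the payload looks like a harmless token.
PAYLOAD_RE = re.compile(
    re.escape(START_MARKER)
    + r"\s*([0-9a-fA-F]{8}):([0-9a-fA-F]{1,4})\s*"
    + re.escape(END_MARKER)
)

# Constructed sample of what a planted profile post might look like.
SAMPLE_POST = """Hi everyone, I am a developer working mostly with SQL Server.
Contact: @SAMPLE_START c0a80a05:1bb SAMPLE_END
Thanks for reading!"""

# The operator later edits the same post to move the C&C without touching
# any implant. Constructed for the example.
UPDATED_POST = SAMPLE_POST.replace("c0a80a05:1bb", "0a000001:50")


def extract_payload(text):
    """Return (ip_hex, port_hex) from the first marker-delimited payload, or None."""
    match = PAYLOAD_RE.search(text)
    if match is None:
        return None
    return match.group(1), match.group(2)


def decode_c2(ip_hex, port_hex):
    """Decode the assumed hex form into a dotted IPv4 address and an integer port."""
    ip = str(ipaddress.IPv4Address(int(ip_hex, 16)))
    port = int(port_hex, 16)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return ip, port


def resolve_c2(page_text):
    """What the implant does after fetching the page: find and decode the address."""
    payload = extract_payload(page_text)
    if payload is None:
        return None
    return decode_c2(*payload)


def scan_posts(posts):
    """Defender's view: flag every post that carries a decodable payload.

    Returns a list of (post_index, ip, port) so a forum operator or analyst
    can review which accounts are being used as dead drops.
    """
    hits = []
    for index, text in enumerate(posts):
        result = resolve_c2(text)
        if result is not None:
            hits.append((index, result[0], result[1]))
    return hits


if __name__ == "__main__":
    print("implant would contact:", resolve_c2(SAMPLE_POST))
    print("after the operator edits the post:", resolve_c2(UPDATED_POST))
    print("flagged posts:", scan_posts(["nothing here", SAMPLE_POST, UPDATED_POST]))
```

Two things worth noticing: the implant never needs to change for the C&C to move, which is exactly why a public, reputable site is attractive to the operator, and the same parser, run by a defender over the content of their own site, is enough to find posts being used this way once the marker convention is known from a malware sample.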