Did Chinese Hackers Penetrate Your Network?

Has China's APT1 hacker group probed your network? Lancope's StealthWatch Labs has published a set of IP addresses that security admins may want to check against their logs.

Granted, Lancope would like to sell you its StealthWatch system, which combines flow-based anomaly detection and network performance monitoring into one offering. However, its Labs team has published what the company promises will be an updated list of IP addresses in a bid to collectively detect, block, and eliminate "Comment Crew" attacks, no matter which products are actually involved.

Although so-called Advanced Persistent Threats can come from all directions, the latest and highest-profile example originated in what analyst firm Mandiant said was the Chinese military. The so-called APT1 group is believed to include thousands of people engaged in attacks against companies and agencies in the United States and elsewhere.

To date, Mandiant has contributed a list of MD5 hashes of the software allegedly used by the APT1 attackers; Symantec also provided a list of IP addresses used as command-and-control systems. StealthWatch Labs says it has amassed additional hashes, domain names, and IP addresses from malware samples and collected data. According to the company, these malware samples are likely associated with the same attacks, because they used the same command-and-control infrastructure.

Checking for these IP addresses and hashes is like looking for mouse droppings: if you find them, chances are you will be infested again. "Due to the persistent nature of these attacks, it is likely that if you were compromised in the past, your network may still be targeted now and in the future," StealthWatch Labs wrote. "Discovering these indicators can be an important starting point for a thorough forensic investigation."

The five new domain names that StealthWatch Labs found include:

- adobeservices.info.tm
- express.it.cx
- freewave.us.to
- news.lflinkup.org
- public.ddns.us