Skip to main content

Just reading about the China cybersecurity scare can get you hacked – here’s how

mandiant email attack

China’s hacking the United States, according to an expose from Mandiant, which blew open the doors and tracked a network of hackers’ activities down to the very building. The report is an intriguing and straightforward read with few terms laymen would have to look up in a dictionary. If you’re trying to find the source of the report, here it is straight from Mandiant’s website. Otherwise do not, and we can’t stress this enough, do not open up suspicious emails.

There have been reports of phishing popping up in the news recently, what with Twitter, Pinterest, and Tumblr user’s email addresses . Phishing is an age old tactic since the dawn of email, but hackers have been getting increasingly clever with their tactics. Hackers don’t always need to be computer whizzes. Social engineers, who use social duping tactics, can use the right phrasing to sound like a legitimate entity, only to steal your information. Using both hacking skills and these social duping methods, someone is reportedly circulating a false Mandiant report that’s dropping Trojans onto victims’ computers.

Related Videos

Symantec says that the email sender claims to be from the press, who is recommending users to read the attached report. And by the looks of it, the report appears legitimate from a glance, thumbnail and all. The language of the email, based on the screen shot that Symantec displays, is in Japanese, and notes that the email may be sent in various languages. But here are a couple of pointers to ID the suspect email that Symantec points out: “Like in many targeted attacks, the email is sent from a free email account and the content of the email uses subpar language. It is obvious to a typical Japanese person reading the email that it was not written by a native speaker.”

Surprise, surprise, the delivery platform this hacker has decided to use is Adobe. When the victim opens up the attached PDF in the email, their computer is immediately infected. “The PDF file may drop Trojan.Swaylib and Trojan.Dropper, which drops Downloader,” Symantec researcher Joji Hamada writes. In some instances the Trojan masquerading as a PDF will drop malware.

Does this situation ring a bell? Just two weeks ago, Adobe had a zero-day exploit on their hands that would drop two DLLs (dynamic link library) onto the victim’s computer and would trick the computer into running malware. Well Adobe claimed to have patched that issue up, but with all of Adobe’s faults with Acrobat and Reader, it isn’t shocking that another vulnerability is being exploited. 

Editors' Recommendations

Best VPN services 2023: today’s top picks
best VPN services

People around the world use the internet for everything today, including work, education, shopping, socializing, and managing finances. It goes without saying, then, that ensuring your online privacy is more pressing than ever. Even if you lack technical skills, there's an affordable and easy security solution: a virtual private network, better known as a VPN. By using a good VPN, you can protect your devices and hide your online activities from cyber-criminals, network snoops, online busybodies, institutional censors, and other unwanted pests. But with so many options available, it can be challenging to choose the right VPN for your needs and budget. To help you make an informed decision and maybe even save you some money, we've curated a comprehensive list of the best VPN services complete with details on their pricing, features, and more.
Best VPN 2023

Hotspot Shield
Private Internet Access
Kaspersky VPN

Read more
Adobe Firefly brings text-to-image AI to the masses, with artist ethics in mind
AI-generated imagery in Nvidia's press photo for AI Foundations.

Adobe Firefly was announced today by Adobe, as the company attempts to capitalize on the surge in interest in generative AI. The text-to-image model is only in beta, but will be coming first to Adobe Express, the company's simplest and most user-friendly application.

The set of tools will function a lot like many of the other popular text-to-image models, such as Stable Diffusion or Midjourney. The difference here, however, is that Firefly is built from the ground up by Adobe to be used within its creative applications. That means Firefly will be both highly accessible to beginners and include important ethical considerations for artists.

Read more
Bing Image Creator brings DALL-E AI-generated images to your browser
Bing Image Creator being used in the Edge sidebar.

Microsoft isn't slowing down its momentum in generative AI. Just a month since it launched the ChatGPT-based Bing Chat, the company is now introducing Bing Image Creator, which brings text-to-image generation right to your browser.

Bing Image Creator lets you create images from text using DALL-E, which is OpenAI's own text-to-image AI model. Microsoft says it's using "an advanced" version of DALL-E, though the company didn't provide specifics about how it was different than the current DALL-E 2 model. This isn't dissimilar, though, to how Bing Chat was announced, which had been running on GPT-4 before the new model had even been announced.

Read more