Skip to main content

Just reading about the China cybersecurity scare can get you hacked – here’s how

mandiant email attack
Image used with permission by copyright holder

China’s hacking the United States, according to an expose from Mandiant, which blew open the doors and tracked a network of hackers’ activities down to the very building. The report is an intriguing and straightforward read with few terms laymen would have to look up in a dictionary. If you’re trying to find the source of the report, here it is straight from Mandiant’s website. Otherwise do not, and we can’t stress this enough, do not open up suspicious emails.

There have been reports of phishing popping up in the news recently, what with Twitter, Pinterest, and Tumblr user’s email addresses . Phishing is an age old tactic since the dawn of email, but hackers have been getting increasingly clever with their tactics. Hackers don’t always need to be computer whizzes. Social engineers, who use social duping tactics, can use the right phrasing to sound like a legitimate entity, only to steal your information. Using both hacking skills and these social duping methods, someone is reportedly circulating a false Mandiant report that’s dropping Trojans onto victims’ computers.

Symantec says that the email sender claims to be from the press, who is recommending users to read the attached report. And by the looks of it, the report appears legitimate from a glance, thumbnail and all. The language of the email, based on the screen shot that Symantec displays, is in Japanese, and notes that the email may be sent in various languages. But here are a couple of pointers to ID the suspect email that Symantec points out: “Like in many targeted attacks, the email is sent from a free email account and the content of the email uses subpar language. It is obvious to a typical Japanese person reading the email that it was not written by a native speaker.”

Surprise, surprise, the delivery platform this hacker has decided to use is Adobe. When the victim opens up the attached PDF in the email, their computer is immediately infected. “The PDF file may drop Trojan.Swaylib and Trojan.Dropper, which drops Downloader,” Symantec researcher Joji Hamada writes. In some instances the Trojan masquerading as a PDF will drop malware.

Does this situation ring a bell? Just two weeks ago, Adobe had a zero-day exploit on their hands that would drop two DLLs (dynamic link library) onto the victim’s computer and would trick the computer into running malware. Well Adobe claimed to have patched that issue up, but with all of Adobe’s faults with Acrobat and Reader, it isn’t shocking that another vulnerability is being exploited. 

Editors' Recommendations

Francis Bea
Former Digital Trends Contributor
Francis got his first taste of the tech industry in a failed attempt at a startup during his time as a student at the…
Here’s how you can get The Last of Us for free from AMD
the-best-stealth-games-of-all-time

AMD has just announced a particularly well-timed bundle. If you're a fan of The Last of Us, be it the game or the show, you might find this deal worth picking up.

Starting today, you'll be able to score a free copy of the upcoming The Last of Us Part I for PC if you buy an AMD GPU. The chipmaker is also throwing in a discount on one of its best graphics cards.

Read more
LastPass reveals how it got hacked — and it’s not good news
A depiction of a hacker breaking into a system via the use of code.

Last year was a particularly bad one for password manager LastPass, as a series of hacking incidents revealed some serious weaknesses in its supposedly rock-solid security. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking.

It all began in August 2022, when LastPass revealed that a threat actor had stolen the app’s source code. In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. That allowed them to install a keylogger onto the computer of a senior engineer at the company.

Read more
Yes, you can use both Mac and Windows — here are some tips to get started
The keyboard of the MacBook Pro 14-inch on a wood surface.

I'm not a typical Windows or Mac user. Where most people choose one operating system and stick with it, I use both Windows 11 and MacOS regularly, going back and forth daily depending on my workflow. And it's easier to do than you probably think.

I have a fast Windows 11 desktop with three 27-inch 4K displays, and I use that for all my research-intensive work that benefits from multiple monitors. But for writing simple copy, and for personal tasks, I use a MacBook Pro 14 M1 Pro simply because I like it so much. It's not MacOS that draws me to the machine, but its battery life, cool yet quick operation, excellent keyboard and touchpad, and awesome HDR display. To stay sane, I've worked out a few tricks and techniques to make the constant switching bearable. Here's what I've learned.
Adjust to your keyboards

Read more