Wednesday, August 7, 2019

"With warshipping, hackers [could] ship their exploits directly to their target’s mail room"

The researchers developed a proof-of-concept device — the warship, which has a similar size to a small phone — into a package and dropped it off in the mail. The device, which cost about $100 to build, was equipped with a 3G-enabled modem, allowing it to be remote-controlled so long as it had cell service. With its onboard wireless chip, the device would periodically scan for nearby networks — like most laptops do when they’re switched on — to track the location of the device in its parcel.

“Once we see that a warship has arrived at the target destination’s front door, mailroom or loading dock, we are able to remotely control the system and run tools to either passively, or actively, attack the target’s wireless access,”
Related: "China’s cyber-spies make money on the side by hacking video games":
The hacking group started its life at least as far back as 2012 like many other Chinese state-sponsored hackers: stealing intellectual property from the medical-device and pharmaceutical industries.


At the same time the group is conducting these geopolitical campaigns, it uses many of the same tactics to hack targets for financial gain.

APT41 has been seen compromising the supply chains of video-game companies. With access to a game’s production environment, the group generated tens of millions of dollars in the game’s virtual currency, which was then likely sold in underground markets.

It’s also used more classic cybercrime tactics, including a ransomware attack and extortion attempt against a game company when the game’s virtual currency wasn’t valuable enough to be monetized.
*Previously: "the first-ever ransomware attack went after AIDS researchers [in 1989]—and it was distributed on 5.25-inch floppy disks"