APEC Host Committee Spear-Phished by China

An analysis published earlier this month by Kahu Security raises the possibility that the hack of systems used by the Asia Pacific Economic Cooperation host committee was the result of a spear phishing attack with links back to the Chinese mainland.

As Threatpost reported yesterday, computers belonging to the East-West Center, which organizes the Summit, may have been compromised. Social Security numbers, birth dates, and other personal information belonging to members of the APEC Summit’s host committee may have been exposed in the breach.

That information was requested as part of security screening in advance of meetings with US President Barack Obama, who attended the Summit.

According to the Kahu Security analysis, the information was gleaned through an email targeting a key individual within the organization. The email, received October 26, purported to come from a Hawaii-based real-estate company but contained malware with backdoor capabilities hidden in a malicious PDF attachment. When opened, the malicious PDF exploits a known vulnerability in Adobe Flash Player (CVE-2011-0609).

Once infected, the computers attempt to communicate with a remote website and receive instructions to download and upload files, execute arbitrary code and carry out commands issued by the remote attackers.

The server with which the malware communicates is located in Arkansas, but other servers supporting the domain are located in various cities in China.

The FBI has declined to confirm or deny that it is investigating the incident, which could be an effort to glean information on world leaders.
