An analysis published earlier this month by Kahu Security raises the possibility that the hack of systems used by the Asia Pacific Economic Cooperation host committee was the result of a spear phishing attack with links back to the Chinese mainland.
As Threatpost reported yesterday, computers belonging to the East-West Center, which organizes the Summit, may have been compromised. Social Security numbers, birth dates, and other personal information belonging to members of the APEC Summit’s host committee may have been exposed in the breach.
That information was requested as part of security screening in advance of meetings with US President Barack Obama, who attended the Summit.
According to the Kahu Security analysis, the information was gleaned through an email targeting a key individual within the organization. The email, received October 26, purported to come from a Hawaii-based real-estate company but contained malware with backdoor capabilities hidden in a malicious PDF file attachment. When opened, the malicious PDF exploits a known vulnerability in Adobe Flash Player (CVE-2011-0609).
Once infected, the computers attempt to communicate with a remote website and receive instructions to download and upload files, execute arbitrary code and carry out commands issued by the remote attackers.
The server with which the malware communicates is located in Arkansas, but other servers supporting the domain are located in various cities in China.
The FBI has declined to confirm or deny that it is investigating the incident, which could be an effort to gain access to information on world leaders.