Chinese Hackers Target US Government Agencies by Mailing Malware CDs

Beyond phishing attacks, Chinese hackers are reportedly resorting to old-fashioned ways in their hacking campaigns by mailing CDs loaded with malware to a number of U.S. state and local government agencies.

It’s a crude way of getting things done, but the Multi-State Information Sharing and Analysis Center (MS-ISAC) has warned U.S. government officials of the Chinese campaign, in which state institutions are receiving China-postmarked envelopes containing discs with Word documents littered with viruses. As KrebsOnSecurity reports, state-level archives, historical societies and one Department of Cultural Affairs have all received letters specifically addressed to them, according to the MS-ISAC.

A preliminary analysis of the CDs reveals Mandarin-language Microsoft Word files with embedded malicious Visual Basic scripts. The envelopes also include a “confusingly worded typed letter with occasional Chinese characters,” according to the report.

Pictured: The envelope and the mini-CD containing the malware.

The MS-ISAC did not reveal whether any of the targeted agencies used or inserted the discs. It is highly unlikely, of course, since the Chinese postmarks and strange letters would have triggered the suspicions of officials. Furthermore, there’s no guarantee that the agencies’ computers still have optical drives in the age of USB drives.

An investigation is still underway, and it isn’t yet clear what the hackers’ exact intent was, given their choice of a physical delivery mechanism over a phishing attack.