New Chinese government malware campaign targeting aerospace and defense

Operation “Beebus” (similar to operation “Shady RAT,” which was first detected in April 2011) is designed to steal information. It begins its infiltration with spear-phishing emails and drive-by downloads as a means of infecting end users. Malicious whitepapers or PDFs that exploit known vulnerabilities are mailed to targets. The malware is able to install Trojan backdoors on vulnerable systems, and these backdoors communicate with a remote command and control (CnC) server. These attackers use procedures and tools identical to those used in the RSA hack.

Takeaway: Don’t blindly trust the next free “whitepaper” that you receive in your email from an unknown sender, or possibly even a known sender.