Hackers leave trail of clues

Researchers say they have a wealth of clues - but no clear answers - as to the identity of those behind a series of newly discovered cyberattacks targeting Russian and Eastern European embassies, oil companies and military officers.

"The level of misdirection is impressive," said Hugh Thompson, a security strategist at Blue Coat Systems Inc, which is publishing a report on the malware campaign on Wednesday.

Blue Coat says the malware - nicknamed "Inception" after the complex dream heist movie starring Leonardo DiCaprio - has been attacking mainly Russian or Eastern European targets in the fields of diplomacy, energy and finance.

The Blue Coat report says researchers found signs hinting at the hackers' identity, but that they're all over the map.

For example, some of the malicious code carries words in Arabic and Hindi. Another piece of code carries the words, "God Save The Queen". A third clue, suggesting Chinese involvement, appears to have been left on purpose after the attackers realized they were being watched.

Kaspersky Lab researcher Costin Raiu, who is familiar with the malware, links the code to "Red October", a Russia-focused campaign his company uncovered early last year. Raiu points to similarities in the attackers' "philosophy and style" and says several of the same targets were hit.

(China Daily 12/11/2014 page10)