China-based hackers used Microsoft’s TechNet for attacks

Microsoft has taken steps to stop a China-based hacking group from using its TechNet website as part of its attack infrastructure, according to security vendor FireEye.

The group, which FireEye calls APT (advanced persistent threat) 17, is well-known for attacks against defense contractors, law firms, U.S. government agencies and technology and mining companies.

TechNet is highly trafficked website that has technical documentation for Microsoft products. It also has a large forum, where users can leave comments and ask questions.

APT17—nicknamed DeputyDog—created accounts on TechNet and then left comments on certain pages. Those comments contained the name of an encoded domain, which computers infected by the group’s malware were instructed to contact.

To read this article in full or to leave a comment, please click here