Forgot your password?
typodupeerror
China Crime Security IT

Chinese Hackers Infiltrate Firms Using Malware-Laden Handheld Scanners 93

Posted by timothy
from the location-location-location dept.
wiredmikey (1824622) writes China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world. According to security firm TrapX, the attack begins at a Chinese company that provides hardware and software for handheld scanners used by shipping and logistics firms worldwide to inventory the items they're handling. The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.

Experts determined that the threat group targets servers storing corporate financial data, customer data and other sensitive information. A second payload downloaded by the malware then establishes a sophisticated C&C on the company's finance servers, enabling the attackers to exfiltrate the information they're after. The malware used by the Zombie Zero attackers is highly sophisticated and polymorphic, the researchers said. In one attack they observed, 16 of the 48 scanners used by the victim were infected, and the malware managed to penetrate the targeted organization's defenses and gain access to servers on the corporate network. Interestingly, the C&C is located at the Lanxiang Vocational School, an educational institution said to be involved in the Operation Aurora attacks against Google, and which is physically located only one block away from the scanner manufacturer, TrapX said.
This discussion has been archived. No new comments can be posted.

Chinese Hackers Infiltrate Firms Using Malware-Laden Handheld Scanners

Comments Filter:
  • by toejam13 (958243) on Saturday July 12, 2014 @03:32AM (#47436899)

    They are probably using Windows XP Embedded (XPe), which is a customizable version of the OS. Customers can strip the OS down to only the components they need, significantly reducing the footprint of the OS.

    XPe benefits from being able to use standard XP hardware drivers. Sometimes a driver simply isn't available for Linux, QNX, VxWorks or other embedded OSes. That's one reason that OS/2 based ATMs are disappearing - not because of security, but because drivers for newer card readers don't exist.

    Lastly, you'd be surprised at what a modern scanner looks like. It doesn't just read barcodes and go beep. My workplace uses scanners for inventory tracking, and they come with a full GUI where we can associate new parts with a chassis, report drives being shredded, and just about anything you can think of inventory related.

  • Re:Problem traced (Score:5, Informative)

    by plover (150551) on Saturday July 12, 2014 @07:32AM (#47437271) Homepage Journal

    The "scanner" portion of these devices is typically an embedded system that drives a hardware sensor, and speaks USB out the back side. You could probably open one up, solder a cable to the right points on the scanner board, and you'd have exactly the simple and transparent scanner you requested.

    But because the business wants a truckload (no pun intended) of functionality out of these scanners, they need it to have more capabilities. First, it needs to be on the network, or it won't give them any benefit. Next, it needs to be multi-tasking so it can display alerts, etc. Its primary task may be to inventory the stuff coming off a truck, its other tasks may include assigning work items to line employees, displaying alerts on the supervisors' screens, punching the timeclock for breaks, and possibly even employee email. To a lot of businesses, a browser based interface lets them run whatever kind of functions they want, without the expense of continually pushing a bunch of apps out to a bunch of random machines. So taking all that together, embedded XP is one (bloated) way of meeting all that.

    So while the scanner itself is simple, it's the rest of the hardware in the device that was infested with XP and other malware.

Never trust a computer you can't repair yourself.

Working...