back to article Beijing-backed gang looted IP around the world for years, claims Cybereason

Infosec outfit Cybereason says it's discovered a multi-year – and very successful – Chinese effort to steal intellectual property. The company has named the campaign "Operation CuckooBees" and attributed it, with a high degree of confidence, to a Beijing-backed advanced persistent threat-slinger going by Winnti – aka APT 41, …

  1. Pascal Monett Silver badge

    Wait, what ?

    There are undocumented Windows logs ?

    After all these years and hundreds of millions of users, Borkzilla still manages to create log files that nobody knows about ?

    1. ShadowSystems

      Re: Wait, what ?

      They just renamed *.log to *.l0g and figured nobody would catch on. I only figured it out because my screen reader says "lzerog" instead of "log", so it was rather blatant.


      I'll get my coat, it's the one with the sleeves that fasten in the back. =-Jp

      1. b0llchit Silver badge

        Re: Wait, what ?

        I'll get my coat, it's the one with the sleeves that fasten in the back.

        It has been logged.

    2. david 12 Silver badge

      Re: Wait, what ?

      This is a log system. Like LogJS. MS does not "create a log file that nobody knows about". Applications may use it to create logs. Like LogJS....

    3. Blazde

      Re: Wait, what ?

      This is a huge scandal. Could there even be un-logged documents around somewhere too?

    4. Trixr

      Re: Wait, what ?

      If you know what they did with actually-useful WindowsUpdate.log by ditching the text and converting it to some mystery binary format (probably this one) that could not be read by any of their existing tools (like Message Analyser), and requires a stinking powershell command (the command, not powershell) to convert into a readable format, meaning it can't be tailed in real time, this is 100% no surprise whatsoever.

      I wonder if this will stop MSFT inventing all manner of logs that are unreadable by consumers, are also apparently zero use for diagnostics (never once had a support engineer request anything of that nature, admittedly I don't work with desktop systems), and which consume considerable amounts of space at times. I get the need for faster logging at times, but the ETL type should be very limited in size and meaningful output sent to the existing event logs (zillions of those these days too) or a text file.

      Including some of their monitoring apps, like the ATP sensor service. One of them DOES log to a text file, and seemingly is a spew of all the .NET activity inside the app with absolutely no way of configuring it to "error only" or something that doesn't churn away constantly.

  2. naive

    Are there still organisations who use Windows to store valuable information ?

    Those who summoned the dementors of information security by transferring large sums of money to Redmond should blame themselves.

  3. sreynolds

    If only ...

    They had used these resources to produce better quality knock offs rather than to steal IP, imagine how far ahead of us the Middle Kingdom could be right now. I'd say trying to keep up with the west was an opportunity squandered. They could have had Quantum computing and fusion working by now.

    1. BOFH in Training Silver badge

      Re: If only ...

      They are presumably following the playbook used by Japan and Taiwan, etc. Didn't the US also start out that way, ignoring European IP protection for books, music, etc early on before they started to produce their own IP as well which needed protection?

      Copy / emulate earlier on, then start creating your own once you got your industry moving.

      Give them a few more years, and they will need IP protection for their own stuff, at which point they will also protect other's IP as well.

    2. martinusher Silver badge

      Re: If only ...

      >They could have had Quantum computing and fusion working by now.

      Maybe a DiY space station and a Mars rover as well, you never know.

      Seriously, though, the metric to watch is how many Chinese institutions and people are working on advanced technologies. This is what politicians are belly aching about -- academics have been working with Chinese counterparts for many years but instead of seeing this as a mutually beneficial partnership its obviously our precious IP being leaked to the Middle Kingdom.

      As anyone who actually works on the bleeding edge will tell you its not the actual technology that's the issue, its the commercialization that's the important bit. Politicians tend to be like screenwriters -- they figure that 'the blueprint' is all you need to know to duplicate a machine or process.

  4. SloppyJesse

    Who'd write logs in a binary format?

    ... an undocumented file format that can be accessed through APIs but can't be parsed. "

    Who'd create a binary logging system that could hide data from admins?

    Glad Linux continues to use text logs and hasn't bought into this hard to read logging concept.

    1. David 132 Silver badge

      Re: Who'd write logs in a binary format?

      > Glad Linux continues to use text logs and hasn't bought into this hard to read logging concept.

      Yes, thank goodness no Linux system does anything like that.

      1. MacroRodent

        Re: Who'd write logs in a binary format?

        Haha, sure. Anyway the systemd log format is openly documented here:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like