China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs

Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers. We're told the security shop's industrial control systems (ICS) …

  1. Anonymous Coward

    "According to Kaspersky, the miscreants gained access to the enterprise networks via phishing emails, some of which included organization-specific information that wasn't publicly available."

    Kaspersky are Russian. It seems highly unlikely that "Eastern European countries" and "Ukraine" would allow Russian anti-virus software on their networks, scanning their emails. It also seems very unlikely that Kaspersky would have access to their emails otherwise or be able to confirm "information that wasn't publicly available" for those organizations.

    Lots of this story doesn't quite ring true.

    Pinch of salt.

    1. DS999 Silver badge

      Belarus would, they are basically Russia Jr.

      But yeah I agree the idea that any important infrastructure in Ukraine would be using Kaspersky is kind of ridiculous.

    2. Potemkine! Silver badge

      that Kaspersky would have access to their emails otherwise

      If you believe emails are confidential, think again.

    3. Cuddles

      "It seems highly unlikely that "Eastern European countries" and "Ukraine" would allowing Russian anti-virus software on their networks"

      Have another read of the article. Those "Eastern European countries" include Belarus, Afghanistan* and Russia. Not countries likely to have many problems doing business with Russian companies. It's also noted that these attacks were detected in January, when plenty of people were still happy doing business with Russia and sanctions related to the current invasion were not in place.

      * That's the author's mistake. Kaspersky actually said "several East European countries (Belarus, Russia, and Ukraine), as well as Afghanistan", it's only The Register that puts Afghanistan in Europe.

  2. Anonymous Coward

    It's late 2022..

    .. and you can STILL infect infrastructure with Word macros.

    So, not only is TCO higher with Microsoft products, you're also way more vulnerable. Clearly the perfect argument to keep running SCADA off this as well..

    1. Roland6 Silver badge

      Re: It's late 2022..

      Trouble is MS did release a fix for this back in 2017 for Office 2007, 2010, 2013 & 2016; but not for 2000 and 2003. Remember this vulnerability was first reported to Microsoft in circa 2001.

      Here we have an example of the problems with old and often unsupported software (*) and users still running with administrator privileges...

      A question is whether, given the large user base, MS have a responsibility to maintain update services for products that went EOL some years or even decades back, so that a new install of say Office 2007 on Windows7 or WINE gets all the updates. Obviously, if you are still running Office 2000 or 2003 you are out of luck as there was no update, your only solution is to uninstall Equation Editor.

      (*)Exception is Office 2016 doesn't go EOL until Oct 2025.

      One of the things that gets me about Windows 10 is that Windows Update, by default, doesn't automatically update other Microsoft products; installing Office doesn't change that default to enabled, so you have to ensure it is set either as part of Group Policy or manually.
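The two gaps the comment above describes (an Equation Editor binary that never received a patch, and Windows Update's default of not servicing other Microsoft products) are both things you can audit from a shell. The script below is an added example and is not code from the article, from Kaspersky or from the commenter. It assumes that Microsoft Update is registered with the Windows Update Agent under the service ID in `$MuServiceId`, that the "Install updates for other Microsoft products" policy is the `AllowMUUpdateService` value under the `WindowsUpdate\AU` policy key, and that Equation Editor is the COM server `EQNEDT32.EXE` registered under the CLSID in `$EqnEdClsid`, with the vendor's published workaround setting a COM Compatibility flag of `0x400` for it; verify those identifiers against Microsoft's own documentation before relying on them. The `-Fix` switch only applies the Microsoft Update opt-in; it does not touch Equation Editor.

```powershell
# Added example: audit a Windows host for the Microsoft Update opt-in and for a
# still-present, un-killbitted Equation Editor. Run from an elevated prompt.
# Identifiers below are assumptions to verify against Microsoft's documentation.
param([switch]$Fix)

$MuServiceId = '7971f918-a847-4430-9279-4a52d1efe18d'   # assumed: Microsoft Update service ID
$AuPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$EqnEdClsid  = '{0002CE02-0000-0000-C000-000000000046}' # assumed: Equation Editor CLSID
$EqnEdKeys   = @(
    "HKLM:\SOFTWARE\Microsoft\Office\Common\COM Compatibility\$EqnEdClsid",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\Common\COM Compatibility\$EqnEdClsid"
)

function Test-MicrosoftUpdateOptIn {
    # The Windows Update Agent exposes its registered update services over COM.
    # "Receive updates for other Microsoft products" is on when the Microsoft
    # Update service is registered and selected as the default AU service.
    $mgr = New-Object -ComObject Microsoft.Update.ServiceManager
    $svc = $mgr.Services | Where-Object { $_.ServiceID -eq $MuServiceId }
    $pol = (Get-ItemProperty -Path $AuPolicyKey -Name AllowMUUpdateService `
                -ErrorAction SilentlyContinue).AllowMUUpdateService
    [pscustomobject]@{
        Registered = [bool]$svc
        IsDefault  = if ($svc) { [bool]$svc.IsDefaultAUService } else { $false }
        PolicySet  = ($pol -eq 1)
    }
}

function Enable-MicrosoftUpdateOptIn {
    # Flags 7 = allow pending registration (1) + allow online registration (2)
    # + register the service with Automatic Updates (4).
    $mgr = New-Object -ComObject Microsoft.Update.ServiceManager
    $mgr.ClientApplicationID = 'mu-optin-audit'   # arbitrary label, shows in WU logs
    [void]$mgr.AddService2($MuServiceId, 7, '')
}

function Test-EquationEditor {
    # Look for the binary in both Program Files trees and check whether the
    # COM Compatibility killbit (0x400) has been applied for its CLSID.
    $candidates = @(
        "$env:CommonProgramFiles\Microsoft Shared\EQUATION\EQNEDT32.EXE",
        "${env:CommonProgramFiles(x86)}\Microsoft Shared\EQUATION\EQNEDT32.EXE"
    )
    $present = @($candidates | Where-Object { Test-Path $_ })
    $flags = foreach ($k in $EqnEdKeys) {
        (Get-ItemProperty -Path $k -Name 'Compatibility Flags' `
            -ErrorAction SilentlyContinue).'Compatibility Flags'
    }
    [pscustomobject]@{
        BinaryPresent = ($present.Count -gt 0)
        Paths         = $present
        KillBitSet    = [bool]($flags | Where-Object { $_ -band 0x400 })
    }
}

$mu = Test-MicrosoftUpdateOptIn
$eq = Test-EquationEditor
"Microsoft Update opt-in: registered=$($mu.Registered) default=$($mu.IsDefault) policy=$($mu.PolicySet)"
"Equation Editor: binary present=$($eq.BinaryPresent) killbit set=$($eq.KillBitSet)"
if ($eq.BinaryPresent -and -not $eq.KillBitSet) {
    'WARNING: EQNEDT32.EXE is present and not killbitted; patch or remove it.'
}
if ($Fix -and -not $mu.IsDefault) {
    Enable-MicrosoftUpdateOptIn
    'Microsoft Update opt-in applied; re-run without -Fix to confirm.'
}
```

In a domain, the policy value is the durable fix (a user can flip the Settings toggle back off); the COM call is the equivalent of the toggle for standalone machines and is what to script into a build process that installs Office after the OS image is laid down.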
