Reserve Bank of Australia Hacked by Chinese Malware

According to Australian Financial Review report on Monday, the Reserve Bank of Australia (RBA) was hacked by hackers who infiltrated its networks and allegedly stole information using a Chinese piece of malware.

After investigations they found multiple computers had been compromised by malicious software seeking intelligence. Several RBA staffers including heads of department were sent the malicious emails over two days, but it isn't known if the malware executed and succeeded in capturing information from the compromised computers.

 The malware consisted of a web address that linked to a zip file that contained a Trojan which at the time was not detected by the anti-virus program, according to the bank. 

A Defence department spokesperson said: “The government does not discuss specific cyber incidents, activities or capabilities. [Doing so] could jeopardise ongoing investigations, monitoring of cyber incidents and the ability to protect information and networks.”

Documents also showed that six users clicked on the link contained in the mail. All of the six workstations affected did not have local administrator rights, so the virus could not spread.

Reliance Netconnect website hacked by Brazilian hackers

Reliance Netconnect's website has been targeted by Brazilian hackers and the website's inside pages replaced by the following message:

Hackeado por HighTech Brazil HackTeam
No\One - CrazyDuck - Otrasher - L34NDR0

While the regular content loads just fine you type in www.reliancenetconnect.co.in, visiting any of the inside pages or typing www.reliancenetconnect.co.in/index.php displays the above message.

The hackers also targeted the website of South Africa's TopTV. Reason or motivation behind the hacking isn't clear yet. The attack was first spotted by the team at The Hacker News.

Anonymous hacked into Reliance's servers in such a way that users trying to access Facebook, Twitter, Google, Gmail and Yahoo were greeted by a message criticising the Indian government and ISPs for cracking down on Internet freedom.

 The same hacker or group of hackers have also defaced the PG Glass website. The PG Glass home page currently (2 January at 09:30) displays the message “Hackeado por HighTech Brazil HackTeam…

Council on Foreign Relations Website Hacked

The Council on Foreign Relations website was infected around Dec. 21 with a Trojan that exploited a previously unknown, or zero-day, flaw in older versions of Internet Explorer, setting up visitors using IE for a drive-by download infection.

"The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," Microsoft said in a security advisory posted Saturday. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

Microsoft is working on a fix, but in the meantime recommends that Windows users who cannot upgrade to newer versions of Internet Explorer set their Internet and intranet security-zone settings to "High," to set up alerts before running Active Scripting and to install the free Enhanced Mitigation Experience Toolkit. [Update: Microsoft has posted a "fix-it," a script that temporarily fixes the problem while the company continues to work on a full patch.

FireEye, a Milpitas, Calif.-based information-security company, confirmed the CFR website was hosting malicious code in the form of a rigged Adobe Flash file.

In its blog posting, FireEye noted that the code associated with the malware also restricted its victims to only systems using English, Russian, Chinese, Korean or Japanese, and that some internal code used simplified Chinese characters, as used on the Chinese mainland.

Chinese state-sponsored hackers have been suspected in dozens of major information-stealing network attacks on Western governments, corporations and organizations over the past half decade.

Such attacks are often politely termed "advanced persistent threats," and while most of the evidence points to China, few of the suspicions have been proven.