Mandiant’s APT1 report, which linked a 12-storey building in Shanghai, China, to Chinese government sponsored espionage is now being used as bait to entice users into installing a piece of malware known as Trojan.Pidief.
According to security firm Symantec, hackers are using the popularity of the report to trap unsuspecting users. Multiple fake versions of the .pdf file are in circulation and, when opened, they will display a blank page. In the background, however, the exploit code for Adobe Acrobat and Reader Remote Code Execution Vulnerability (CVE-2013-0641) is run.
“Today, Symantec has discovered someone performing targeted attacks is using the report as bait in an attempt to infect those who might be interested in reading it. The email we have come across is in Japanese, but this does not mean there are no emails in other languages spreading in the wild. The email purports to be from someone in the media recommending the report.”
The origin of this fake PDF file is a matter of debate, though the government of China have been keen to stress that they are not the aggressors and are, themselves, routine victims of cyber espionage on a grand scale. There may be some truth to that too based upon the findings of Trend Micro’s Tom Kellerman.