Watch a Chinese military hacker launch a successful attack
Thanks to cybersecurity firm Mandiant, we now have a video of a hacker believed to be linked to the Chinese military infiltrating and stealing files from unidentified English language targets.
The video comes as part of Mandiant's 60-page report, first reported by the New York Times, that claims China's military is responsible for cyberattacks on more than 140 foreign businesses, many of which are in the United States.
In the video, a hacker is seen registering a Gmail account with a U.S. IP number, then verifying it with a phone number located in Shanghai. From the email account, the narrator says it is clear the attacker has used it for spearphishing, particularly "focused on military exercises in the Philippines." The attacker then installs command-and-control servers, tests them, and, after an hour of failed attempts to issue commands to a victim backdoor (which the video omits), uses stolen credentials to log into an email account. Once there, the attacker uses several tools to launch spearphishing campaigns and steal files.