HideMyAss VPN

Wednesday, August 14, 2013

Chinese hacker group APT 12 returns with updated tools

The APT 12 group of hackers, thought to have links to the Chinese People's Liberation Army, has launched several new attacks after a few months of inactivity.
The group received widespread media coverage in January after a large security breach at The New York Times and several other high-profile companies, which shed some light on their methods and manner of operation.

APT 12 seem to have made a reappearance in May, using new versions of Backdoor.APT.Aumlib and Backdoor.APT.Ixeshe, as well as command and control infrastructures used previously to target Taiwanese companies and an international finance and economic policy group.
The hackers have reportedly made a few changes to the network communication protocols in their malware to ensure that the traffic patterns generated are different to those seen in older versions of the programs. It would seem that the group hopes these changes will allow them to avoid discovery by intrusion detection systems.

The evolution of these malware types marks a significant step: before this, Aumlib had not been modified since at least May 2011, while Ixeshe had not changed since at least December 2011. It’s possible that there are currently ongoing attacks using these updated versions of the malware. Ned Moran, senior malware researcher at FireEye, recommends that companies ‘ensure that their detection tools are also able to identify these new variants’.

If you’re worried about the security of your network or personal computer, then using a VPN service can help to protect your private data from prying eyes - allowing you to surf anonymously and encrypt your internet traffic for increased security.
