Cyber Squared researchers recently uncovered a targeted attack on Chinese political activists that was staged via a malicious Twitter account, @hahadaxiao1, rather than using spear phishing e-mail messages (h/t Threatpost).
According to Cyber Squared cyber threat analyst Wes Hurd, the account was used to send tweets to three specific Twitter users on February 28, 2013. The tweets contained links to two different compromised sites -- a Chinese language forum and a Tibet-related WordPress blog -- which downloaded CVE-2013-0634 Adobe Flash SWF exploits with embedded DLL payloads.
The researchers informed Twitter Security of the malicious account's activity on March 2, 2013, but it still appears to be operational.
The three Twitter users who were targeted were a person affiliated with a Tibetan independence movement, an account linked to a Chinese language blog, and an account linked to Chinese language political activism.
"All of the tweet recipients share characteristics that would be of interest for Chinese government sponsored cyber espionage actors, and are related to entities that are known targets of Chinese APT," Hurd writes.
According to Hurd, it's important to keep in mind that social networking sites can be used to launch targeted attacks without using traditional e-mail spear phishing techniques.
"Many enterprise security teams often overlook, or fail to consider, how online profiles within social networking sites (SNS) can be leveraged as an initial attack vector and how online profiles can be used to enable follow-on targeting of key personnel," he writes.