China is the number-one source of email-borne targeted attacks of the sort Google and at least 30 other companies are believed to have suffered, according to the latest monthly MessageLabs Intelligence report from Symantec Hosted Services. The firm analyzed the email headers of suspect messages intercepted last month to identify the true IP address of the senders, and found that around 28 percent of targeted attacks originated in China.
The emails described by Symantec Hosted Services are targeted in low numbers at key figures in an organisation, and contain legitimate-looking but malicious attachments. They are similar to those understood to have been used by Chinese hackers to infiltrate Google’s systems.
The findings chime with what many commentators have been saying about the Google hacks, in that they represent just the tip of the iceberg with respect to global attacks of this kind. "These targeted attacks are very low in number, individually targeted and the attackers have done their reconnaissance beforehand," explained Symantec hosted services senior analyst.
"The most targeted roles were director, senior official, vice president, manager and executive director."
Interestingly, the vendor found that the most frequently targeted individuals were experts in 'Asian defence policy', 'international finance' and 'diplomatic mission', illuminating the potential end goal for the hackers.