China implicated in flood of email-borne attacks

Nearly a third of all targeted attacks last month originated in China

China is the number-one source of email-borne targeted attacks of the sort Google and at least 30 other companies are believed to have suffered, according to the latest monthly MessageLabs Intelligence report from Symantec Hosted Services.

The firm analysed the email headers of suspect messages intercepted last month to identify the true IP address of the senders, and found that around 28 per cent of targeted attacks originated in China.

The emails described by Symantec Hosted Services are targeted in low numbers at key figures in an organisation, and contain legitimate-looking but malicious attachments. They are similar to those understood to have been used by Chinese hackers to infiltrate Google's systems.

The findings chime with what many commentators have been saying about the Google hacks, in that they represent just the tip of the iceberg with respect to global attacks of this kind.

"These targeted attacks are very low in number, individually targeted and the attackers have done their reconnaissance beforehand," explained Symantec Hosted Services senior analyst Paul Wood.

"The most targeted roles were director, senior official, vice president, manager and executive director."

Interestingly, the vendor found that the most frequently targeted individuals were experts in 'Asian defence policy', 'international finance' and 'diplomatic mission', illuminating the potential end goal for the hackers.

The report also identified the UK as the most active country for phishing attacks in March, with a tally of one in 254.8 emails intercepted.

"The availability of phishing toolkits has lowered the barrier to entry and made it much easier to launch these types of attack," said Wood.