The Chinese-based attackers who were behind a high-profile attack on the New York Times are back with "new and improved" versions of their malware.

Chinese New York Times Hackers Return New Improved Malware
Passwords for every single New York Times employee were stolen over a four month period by hackers originating in China. (Credit: Reuters)

Back in January it was revealed that a group of Chinese hackers had been carrying out an attack on the New York Times for four months. Following the discovery of the attack and the hackers being kicked out of the newspaper's systems, they went silent.

Now the group has returned and appears to be mounting attacks using "new and improved" versions of the malware it has already used.

The news comes from security firm FireEye which believes the group are using new versions of cracking tools called Aumlib and Ixeshe. The researchers spotted the updated malware when analysing an attack on an organisation involved in "shaping economic policy."

Evasion

FireEye researchers Nart Villeneuve and Ned Moran said that the updated version of Ixeshe, which has been around since 2009 and was used to attack targets in East Asia, now uses new network traffic patterns in a bid to "evade traditional network security systems."

According to the researchers, retooling malware as large and successful as these was not a decision taken lightly. While FireEye cannot say for certain that the change came about as a result of the intense scrutiny the group came under, it does know the change happened quickly.

"We do know the change was sudden. Akin to turning a battleship, retooling [techniques, tactics, or procedures] of large threat actors is formidable. Such a move requires recoding malware, updating infrastructure, and possibly retraining workers on new processes," Villeneuve said.

Observing

The attack on the New York Times began in October of last year and lasted for four months, though for most of that time Mandiant was observing the activity of the attackers in an attempt to figure out who they were and where they were located.

While China has been accused on numerous occasions of cyber-espionage, Chinese authorities have consistently denied these accusations. And while it is certain that China is involved in attacks on other countries, it is not alone: the US, Russia, UK and Israel all carry out similar attacks on other countries.

In May of this year one senior Pentagon official told the New York Times that "this is something we are going to have to come back at time and again with the Chinese leadership," who, he said, "have to be convinced there is a real cost to this kind of activity."

In July, US Treasury Secretary Jack Lew said he will continue to press China in regards to cyber-security, focusing specifically on the theft of intellectual property belonging to private and public businesses.