A newly uncovered hacking campaign is targeting industries including shipping and transport for the purpose of cyber espionage — with security researchers pointing to a well-funded and highly capable operation working out of China as the culprit.

Attackers have sent thousands of phishing emails loaded with trojan malware — primarily to organisations in India, Saudi Arabia and South-East Asia — with the intention of duping users into installing a malicious payload equipped with the capability to steal credentials and log keystrokes from infected systems.

Discovered by researchers at security firm LMNTRIX, the campaign has been dubbed ‘Special Ear’ after one of the phrases planted in the malware code. Special Ear has been active since May this year and provides attackers with remote access to compromised computers.

The malicious emails pose as messages which are regularly seen by businesses — such as purchase orders. One technique the attackers use in an effort to make the messages look more authentic is to use the top level domain of the country the spam is targeting.

A ‘Special Ear’ phishing email.


For example, targets in India are targeted from an address with a “.co.in” domain, while spam emails sent to organisations in Saudi Arabia featured a “.com.sa” domain.

“This customisation shows a level of sophistication as the attackers are attempting to give the emails a sense of legitimacy,” researchers said.

Delivered via a…