Ke3Chang kerching: naked Carla Bruni led Chinese hackers to G20 diplomats

FireEye researchers had monitored a server, one of 23, used by the Ke3chang group in August. This enabled them to observe the malware in action, although FireEye says no data was stolen as far as they were aware during this period of observation. Naturally the security firm contacted the relevant authorities as soon as it realised what was underway. The circumstantial evidence collected at the time leads FireEye to believe that Chinese hackers were carrying out the attacks, although it admits it could also have been 'other actors' making it look like the Chinese were to blame. In the murky world of international espionage, such things are never usually clear cut. If it were a matter of misdirection, then it would appear to be a cleverly crafted one with Chinese words on the CnC control panels, servers registered in China and linguistic clues within the malware binaries pointing towards a Chinese coder.