The Chinese Underground Economy: the Hook007 Group

Presented at VB2016, Oct. 6, 2016, 9 a.m. (90 minutes)

China is one of the world's Internet titans with over 600 million Internet users; unfortunately, this also makes it one of the biggest victims of cyber attacks. The attacks of the Hook007 Group are the widest reaching and longest lasting thus far in our records. Their activities span several years, going back as far as 2007, when they started to create and spread malicious code to steal user data and virtual property. The total number of APT campaigns targeting China that have been unveiled by the *360* Helios Team has reached over 30. One of the published reports is about OceanLotus (APT-C-00), which has trojan variants specially designed for *Mac OS* as well as *Windows* versions. In this session, we will share some unpublished details of how we tracked down OceanLotus. Other APT campaigns such as APT-C-05, APT-C-06 and APT-C-12 will also be discussed.

Presenters:

  • Thomas Tian - Qihoo 360
    Thomas joined Qihoo 360 in 2010. As the founder of the 360 Helios Team, his interests focus on reverse engineering, targeted attack analysis and security incident response. He has participated in revealing more than 30 major APT attacks/groups. Meanwhile, he is also dedicated to artificial intelligence and automation of malware analysis and now leads the QVM team in the 360 Anti-Virus Lab. Before joining 360, Thomas worked at both Rising and Comodo and has over ten years' experience in the security industry.
  • Claire Ma - Qihoo 360
    Claire is a member of the 360 Helios Team at Qihoo 360 and focuses on threat intelligence incident tracking and analysis. She has a passion for correlation study and attacker attribution analysis. As a novice, she has already participated in several major targeted attack research projects. Now she is also responsible for global business development of the 360 Helios Team.
