NetworkWorld: Dell security researcher Joe Stewart says that the hackers who stole RSA SecureID tokens last spring had ties to China. According to Stewart, the individuals involved used two pieces of malware based on HTran, a common hacker tool that was developed in China. In addition, he has discovered that the malware was directing data traffic to two networks in China, which appear to be ISPs in Beijing and Shanghai.
“It’s not surprising that hackers using a Chinese hacking tool might be operating from IP addresses in the PRC,” said Steward’s report. “Most of the Chinese destination IPs belong to large ISPs, making further attribution of the hacking activity difficult or impossible without the cooperation of the PRC government.”