Chinese Hackers Build Attack Tools From Security Patches

August 24, 2013 Updated: July 18, 2015

Chinese hackers have found a quick road to developing cyberattacks. They wait for companies to patch their software, then create hacking software using information from the patch.

The newly created hacking software can then be used to automatically hack computers and systems that failed to update.

Cybersecurity company TrendLabs observed this process in real time. It observed a group of Chinese hackers take a security patch, build an automated hacking tool, and then begin launching attacks.

It started close to a month ago when the Apache Software Foundation released an update to its popular Struts development framework after it found a vulnerability that would let hackers add code to servers.

TrendLabs stated on its Security Intelligence Blog on August 14 that it first noticed the tool on July 19, which was just three days after the security patch was released.

“We have observed attacks against Asian targets using this specific hacking tool, which indicates these Struts flaws are being actively exploited by potential threat actors in the wild,” it states.

The tool is meant to attack any Struts server that has not been updated. Struts is a popular Web application development framework for Java, a coding language that lets people build software.

According to TrendLabs, with just a few clicks, the tool could be used to create a backdoor in a company’s server. Using that backdoor, a hacker can gain and maintain access to information, steal information, and hide evidence of attacks.

Follow Joshua on Twitter: @JoshJPhilipp