KeyBoy: Could a Phishing Scam Be Signaling the Future of Modern Warfare?


We’re all familiar with the usual phishing schtick: a suspect email containing an embedded link just begging to be clicked. In May of this year, the GoogleDocs hackers put a new twist on the scam by infiltrating Google and sending document requests to users from recognized contacts. And now, the document scam has struck again.

KeyBoy, a Chinese hacker group that has previously targeted only eastern countries, has now gone to work on American servers, hacking computers using fake Microsoft Word documents. The scam works this way: the user receives an email containing a Word document called “Q4 Work Plan.” Once opened, the document claims to require updating—running that instruction in turn runs a fake DLL payload, which installs a dropper on the hacked server. Once the system has been infected, the “spy malware” goes to work taking screenshots, browsing and downloading files, and generally collecting information about the server. Ultimately, it can use this information to steal from, and even shut down, the target system. And because the virus’ path into the system is so well-disguised, it’s difficult for even the most seasoned IT experts to recognize the infection. Which means that the virus can be covertly lodged in the server until it decides to make its big move.

But far worse than what KeyBoy actually achieves is the potential motive behind the campaign. Security researchers are now calling the virus an act of “economic espionage,” enacted on American corporations by data-seeking Chinese hackers. KeyBoy first came into the spotlight a few years ago, when it targeted systems in Taiwan and Hong Kong. But those would only have been acts of “domestic surveillance,” not espionage against a foreign country.

Of course, KeyBoy’s tie to the Chinese government has not been confirmed. But the possibility brings to light an important issue. As the twenty-first century progresses and our daily activities, both the mundane and the big-picture, happen more and more within the cybersphere, warfare itself takes on a new shape. Cyber espionage is not the exception, some odd one-off in which a hostile country targets our systems in order to target our citizens. It must be the new norm. Nuclear warfare has devastated countries, and always will. But gathering information from servers across our country, not to mention infiltrating and infecting them to the extent of actually being able to shut them down one by one, also has the terrifying potential to bring us to our knees.

While this might not be a turn we expected cyber security awareness to take, the reality of our current situation is that protecting our systems and building up our knowledge of cyber threats could easily have implications not just for personal or corporate security, but for homeland security. KeyBoy isn’t messing around when it comes to spy malware. So why are we? What do the stakes have to be before we finally realize that clicking on a Word document that we weren’t expecting, that perhaps even comes from an unknown sender, is a recipe for disaster?

As organizations prioritize their programs and efforts, cyber security training must start taking center field. It’s not just another box to check on the way to compliance. Putting users through anti-phishing training, teaching them what warning signs to look for and what best practices to follow when dealing with potentially infected emails, could prevent not just a mild IT inconvenience, but a massive security breach with implications for our nation’s security. “Think before you click” has never been more crucial. Don’t leave yourself open to any risks, big or small: you never know what a system breach could mean or what a hacker could be using it to achieve.

Cover your bases and strengthen your organization by instituting regular anti-phishing training and refresher courses, and by making discussions about cyber security a core facet of your workplace culture. GLS provides customized training plans that emphasize anti-phishing, as well as informative and engaging communication materials like posters and newsletters. Together, we can help forge a culture of awareness and robust cyber security practices that will be able to stand up against any attack. And the first step to being safe from spy malware is incredibly simple.

What Can You Do?

Learn more about organizational security and how GLS’s Anti-Phishing Simulation Tool can help.