A cyber-espionage network based in China and dubbed ‘Shadow’ has been tracked and documented by researchers in the USA and Canada. ‘Shadow’ targeted computers in several countries, including systems belonging to the Indian government and military.

The cyber-espionage ring behind ‘Shadow’ used social media and blogs to control computers they had compromised using malware.

PC World tells how the Shadow network of compromised computers was detailed in a report released today by the wonderfully titled Information Warfare Monitor – a project involving researchers at the University of Toronto’s Munk Center for International Studies and Canadian-based security experts, The SecDev Group – and the Shadowserver Foundation. Targeted malware is believed to have allowed the attackers to compromise specific computer systems.

The cyber-espionage ring behind the Shadow network, which was traced to Chengdu, in China’s Sichuan province, used social media and blogs to control computers they had compromised using malware. “In total, we found three Twitter accounts, five Yahoo Mail accounts, 12 Google Groups, eight Blogspot blogs, nine Baidu blogs, one Google Sites and 16 blogs on blog.com that were being used as part of the attacker’s infrastructure,” the report said, noting that these services were being misused and were not compromised.

These services helped the attackers to circumvent efforts that might otherwise have blocked their access to compromised systems. The researchers were able to document a network of compromised government, business, and academic computer systems in India, the Office of the Dalai Lama, and the United Nations as well as numerous other institutions, including the Embassy of Pakistan in the United States.

“The use of social networking platforms, blogs and other services offered by trusted companies allows the attackers to maintain control of compromised computers even if direct connections to the command and control servers are blocked at the firewall level,” the report added said. It also noted that the primary focus of the attackers appears to be the Indian government.

The “vast majority” of the 44 compromised computers identified by the researchers are either in India or belong to Indian government and military organizations, the report said, citing an analysis of stolen documents recovered from the Shadow network.