The Chinese Underground Economy: the Hook007 Group

Thursday 6 October 09:00 - 10:30, Small talks

Claire Ma (Qihoo 360)
Thomas Tian (Qihoo 360)

China is one of the world’s Internet titans with over 600 million Internet users; unfortunately, this also makes it one of the biggest victims of cyber attacks.

The attacks of the Hook007 Group are the widest reaching and longest lasting thus far in our records. Their activities span several years, going back as far as 2007 when they started to create and spread malicious codes to steal user data and virtual property.

The total number of APT campaigns targeting China that have been unveiled by the 360 Helios Team has reached over 30. One of the published reports is about OceanLotus (APT-C-00) which has trojan variants specially designed for Mac OS as well as Windows versions. In this session, we will share some unpublished details of how we tracked down OceanLotus. Other APT campaigns such as APT-C-05, APT-C-06 and APT-C-12 will also be discussed.

Click here for more details about the conference.


Claire Ma

Claire is a member of the 360 Helios Team at Qihoo 360 and focuses on threat intelligence incident tracking and analysis. She has a passion for correlation study and attacker attribution analysis. As a novice, she has already participated in several major targeted attack research projects. Now she is also responsible for global business development of the 360 Helios Team.


Thomas Tian

Thomas joined Qihoo 360 in 2010. As the founder of the 360 Helios Team, his interests focus on reversing engineering, targeted attack analysis and security incident response. He has participated in revealing more than 30 major APT attacks/groups. Meanwhile, he is also dedicated to artificial intelligence and automation of malware analysis and now leads the QVM team in the 360 Anti-Virus Lab. Before joining 360, Thomas worked at both Rising and Comodo and has over ten years' experience in the security industry.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.