Chinese cyber-attack tools continue to evolve

We believe these statistics are significant because it clearly shows that the United States, as well as China, has a lot of vulnerable computers that have been compromised and are being used as bots to launch cyber attacks. And although some of these bots could certainly be controlled by hackers outside of China, there are numerous instances where Chinese hackers will compromise large networks within their own country and use them as bots to attack other organisations. For example, entire university networks in China will belong to local hacker groups. With the growth of cyber-crime comes the increase of new cyber-tools. The level of sophistication and capabilities of Chinese-authored exploit toolkits are increasing rapidly, and cannot be ignored.

In this article, we are exploring a Chinese toolkit called 'Leopard in a Hole' obtained from a source in China. We have seen price quotes for this tool range from $20 to $500.

According to the tool's author, the purpose of the tool is to aid penetration testers in identifying and exploiting SQL injection flaws. This article will demonstrate the tool from an attacker's perspective, as an unscrupulous user may decide to use the tool for any purpose he or she deems fit.