Friday, March 8, 2019

Researchers Discover Attacks Targeting Uyghur Users

Researchers have discovered a spike over the past couple of weeks in targeted attacks against the Uyghur people, a Turkic cultural group established mainly in China and Kazakhstan.

The attacks have been exploiting a Microsoft Word vulnerability patched in June 2009, according to a Securelist post published yesterday by Kaspersky Lab Senior Security Researcher Costin Raiu.

When victims open the file, they see the real document, but a second, fake document also pops up and drops a backdoor. The attack takes advantage of an old Word stack buffer overflow vulnerability (CVE-2009-0563), and the backdoor goes on to steal the user’s contacts.

AlienVault Labs, which worked with Kaspersky Lab on the investigation, has posted its own account of the espionage campaign, pointing out that one of the rigged Word documents is ironically titled “Rise in possible state-sponsored hacking”.

Tibetan and Uyghur human rights groups were also targeted earlier this year by a twofold watering hole campaign. That campaign exploited both a Java and an Internet Explorer zero-day and infected machines with a remote control Trojan.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
