Researchers have discovered a spike over the past couple of weeks in targeted attacks against the Uyghur people, a Turkic cultural group established mainly in China and Kazakhstan.
The attacks have been exploiting a Microsoft Word vulnerability patched in June 2009, according to a Securelist post published yesterday by Kaspersky Lab Senior Security Researcher Costin Raiu.
When victims open the file, they’ll see the real document, but a second, fake document also pops up that drops a backdoor. The attack takes advantage of an old Word stack buffer overflow vulnerability (CVE-2009-0563), and the backdoor goes on to steal the user’s contacts.
AlienVault Labs, which worked with Kaspersky Lab on the investigation, has posted its own account of the espionage campaign, pointing out that one of the rigged Word documents is ironically titled “Rise in possible state-sponsored hacking”.
Tibetan and Uyghur human rights groups were also targeted earlier this year by a twofold watering hole campaign. That campaign exploited both a Java and an Internet Explorer zero-day and infected machines with a remote control Trojan.