Chinese authorities are leveraging watering hole attacks and JSONP hijacking techniques to track down users who might attempt to hide their identity online, according to unified security management and threat intelligence company AlienVault.
The Chinese government keeps a close eye on the country’s Internet with the aid of the Great Firewall and other censorship systems. While the Great Firewall is highly efficient when it comes to tracking users and blocking them from accessing certain resources, the system can be bypassed using virtual private networks (VPNs) and the Tor anonymity network.
Researchers at AlienVault have observed a series of watering hole attacks that they believe allow the Chinese government to identify certain users who might be trying to keep their identity hidden.
It’s not uncommon for Chinese threat actors to use watering hole attacks to target certain user groups or sectors. The attacks analyzed by AlienVault have targeted the visitors of the Chinese-language sites of NGOs, Uyghur communities, and Islamic associations.
These types of organizations have been targeted since at least 2013. However, researchers say the latest series of attacks involve a novel technique.
The attackers first breach the websites whose visitors they are targeting, in this case Uyghur, Islamic and NGO sites. The threat actors then plant a malicious JavaScript file on the hacked website.
This file allows them to collect private information from other online services on which the visitors of the compromised websites are logged in. The attackers accomplish this via a technique known as JSONP (JSON with padding) hijacking.
JSONP allows JavaScript applications to bypass the same-origin policy (SOP) in web browsers and request data from servers on a different domain. JSONP works by taking advantage of the fact that SOP is not enforced on