A malicious campaign that started last summer is once again targeting Uyghur activist groups in China. The latest developments in this year-long fight is a new variant of the documents used to target the activists earlier this year.
F-Secure reported that the variant was submitted to VirusTotal April 11 in China. The malicious email attachment uses an author tag of IUHRDF, which could be the International Uyghur Human Rights & Democracy Foundation. The payload itself is the same, a backdoor that targets Max OS X, and it targets vulnerabilities in Microsoft Word.
This latest attack has a history, as it’s tied to the “Luckycat” attacks that were discovered over a year ago by Kaspersky Lab and Trend Micro targeting Tibetan activists as well as people connected to military research, and aerospace and energy companies in India and Japan. Unlike this recent attack, the earliest version of the campaign targeted Java vulnerabilities.
While the payload remains the same, the method of infection changes depending on the latest software vulnerabilities. In June 2012, the person(s) controlling the campaign targeted activists by embedding a malicious JPEG photo and OS X application within a ZIP file.
Additional levels of attack against the activists also include malicious Android packages (APK), which were delivered last month. This twist targeted both Windows and Mac users. That campaign referenced the “World Uyghur Congress.” Shortly before Android, the attackers focused on PDF vulnerabilities.
“Although some of these attacks were observed during 2012, we’ve noticed a significant spike in the number of attacks during Jan 2013 and Feb 2013, indicating the attackers are extremely active at the moment,” Kaspersky’s Costin Raiu said of the previous version of this latest attack.
“With these attacks, we continue to see an expansion of the APT capabilities to attack Mac OS X users. In general, Mac users operate under a false sense of security which comes from the years old mantra that ‘Macs don’t get viruses’…”
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Sentra Raises $30 Million for DSPM Technology
- Cyber Insights 2023: Cyberinsurance
- Cyber Insights 2023: Attack Surface Management
- Cyber Insights 2023: Artificial Intelligence
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- Guardz Emerges From Stealth Mode With $10 Million in Funding
- How the Atomized Network Changed Enterprise Protection
- Critical QNAP Vulnerability Leads to Code Injection
