New "watering hole" attack plants malware at news sites to spy on Chinese dissidents

Share this article:
New "watering hole" attack plants malware at news sites to spy on Chinese dissidents
New "watering hole" attack plants malware at news sites to spy on Chinese dissidents

A fresh "watering hole" campaign that targets Chinese government dissidents is underway, according to security firm FireEye.

In a watering hole attack scenario, a trendy scheme used to conduct cyber espionage, a website frequented by a targeted victim list is seeded with malware so that when they visit the site, they are hit with the exploit. In this case, the exploit was being served from two Chinese news sites that are frequented by Chinese government dissenters. 

FireEye researchers Thoufique Haq and Yasir Khalid explained last week in a blog post that the ambush makes use of a vulnerability in Internet Explorer 8 that was just patched in Microsoft's March security update. And the bug is a likely candidate to be rolled into other exploits.

"This is clearly a targeted attack on a very narrow portion of the Chinese populous," the researchers wrote. "However, since cyber attackers are quick copycats, we expect this exploit to be replicated quickly."

Haq and Khalid said that based on the tactics used in the latest campaign, it resembles another watering hole attack launched late last year against the website for the policy think tank Council on Foreign Relations, the influential membership group that helps shape U.S. foreign policy.

In December, the site was hijacked with malicious JavaScript to serve an Adobe Flash exploit, which in turn triggered a heap-spray attack, according to researchers at security firm FireEye. The malware was delivered to users whose operating system language was set to English, Chinese, Japanese, Korean or Russian.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for ...

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger ...

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.