Spear-phishing campaign targeting Uyghurs used Microsoft vulnerability

Summary: Hacktivists have been luring Uyghurs and their supporters on Mac OS X to open e-mails carrying documents that exploit the MS09-027 vulnerability in Microsoft Office to install a backdoor allowing remote access.

A spear-phishing campaign against the Uyghur people has been uncovered whereby malicious e-mails leverage a security hole in Microsoft Office for Mac OS X to create a backdoor.

According to research by Kaspersky Labs and AlienVault on Wednesday, spear-phishing e-mails and highly targeted booby-trapped messages had been sent to Uyghurs or their supporters using Mac computers. The Uyghurs are an ethnic group living mostly in Eastern and Central Asia, primarily in the Xinjiang Uyghur Autonomous Region in China, who have long been seeking independence.

The e-mails contained .doc files that exploited the MS09-027 vulnerability in Microsoft Office for Mac. This security hole allows miscreants to execute malicious code on the victim's unpatched machine when the document is opened.

File names included "Concerns over Uyghur People's Fundamental Rights Under the New Chinese Leadership" and "Press Release on Commemorat Day of Mourning". When the document is successfully opened, the attack installs a backdoor on the compromised Apple Mac, enabling hackers to remotely control the computer and spy on its user's activities.

Most attacks took place during 2012, but there was a significant spike in the number of attacks during January and February 2013, Kaspersky Labs noted.

In June 2012, Kaspersky Labs' security researchers also intercepted a string of infected e-mails sent to Uyghur activists, which used a ZIP file containing a JPEG and a Mac OS X app carrying a Trojan. This latest campaign, however, exploits a Microsoft Office vulnerability fixed back in 2009.

Other politically sensitive ethnic groups in the region, such as the Tibetan people, and human-rights organizations have also experienced similar spear-phishing campaigns that leverage software vulnerabilities, according to AlienVault.

An example of a fake document attached in e-mails sent to Uyghur supporters (Source: Kaspersky Labs)

 


About

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.
