Spear-phishing campaign targeting Uyghurs used Microsoft vulnerability

Hacktivists have been luring Uyghurs and their supporters on Mac OS X to open e-mails with documents that exploit the MS09-027 vulnerability in Microsoft Office to install a backdoor allowing remote access.
Written by Ellyne Phneah, Contributor

A spear-phishing campaign against the Uyghur people has been uncovered whereby malicious e-mails leverage a security hole in Microsoft Office for Mac OS X to create a backdoor.

According to research by Kaspersky Labs and AlienVault on Wednesday, spear-phishing e-mails and highly targeted booby-trapped messages had been sent to Uyghurs or their supporters using Mac computers. The Uyghurs are an ethnic group living mostly in Eastern and Central Asia, primarily in the Xinjiang Uyghur Autonomous Region in China, who have long been seeking independence.

The e-mails contained .doc files that exploited the MS09-027 vulnerability in Microsoft Office for Mac. This security hole allows miscreants to execute malicious code on the victim's unpatched machine when the document is opened.

File names included "Concerns over Uyghur People's Fundamental Rights Under the New Chinese Leadership" and "Press Release on Commemorat Day of Mourning". When a document is successfully opened, the attack installs a backdoor on the compromised Apple Mac, enabling hackers to remotely control the computer and spy on its user's activities.

Most attacks had taken place during 2012, but there had been a significant spike in the number of attacks during Jan 2013 and Feb 2013, Kaspersky Labs noted.

In June 2012, Kaspersky Labs' security researchers also intercepted a string of infected e-mails sent to Uyghur activists, which used a ZIP file containing a JPEG and a Mac OS X app that contained a Trojan. This latest campaign, however, exploits a Microsoft Office vulnerability fixed back in 2009.

Other politically sensitive ethnic groups in the region, such as the Tibetan people, and human-rights organizations have also experienced similar spear-phishing campaigns that leverage software vulnerabilities, according to AlienVault.

An example of a fake document attached in e-mails sent to Uyghur supporters (Source: Kaspersky Labs)

