Serviceteam IT Security News

Chinese Phishing Attack Targets High-Profile Uyghurs

Security researchers have discovered a new Chinese phishing campaign targeting the ethnic minority Uyghur group with emails impersonating the United Nations and others.

Check Point and Kaspersky teamed up to lift the lid on the attacks, which spoof not only the UN Human Rights Council (UNHRC) but also a fake human rights organization called TCAHF, targeting Uyghurs applying for grants.

As well as emailed documents from the ‘UNHRC’ designed to trick individuals into installing a Windows backdoor, the researchers discovered a phishing website branded with the details of the fake human rights organization.

This aims to convince victims into downloading a .NET backdoor, by disguising it as a ‘security scanner,’ which is necessary to install due to the sensitive nature of the information needed for a grant application.

Most of the website’s content is apparently copied from a legitimate Open Society Foundations site.

Kaspersky and Check Point have discovered only a handful of victims in Pakistan and China, where around 12 million Uyghurs live in the north-west Xinjiang region. Reports suggest the authorities there have erected concentration camps in a ghoulish state-sanctioned scheme involving forced sterilisations and mass ‘re-education.’

Amidst an international furore and mutterings of countries boycotting the Beijing Winter Olympics in 2022, it has become a serious geopolitical issue for China’s leaders.

The research teams assigned the activity to a Chinese-speaking threat actor with low to medium confidence. They found excerpts of the code in malicious macros used in the attacks which were identical to VBA code appearing in multiple Chinese forums, and which may have been copied direct from there.

“These attacks clearly utilize the theme of the UNHRC to trick its targets into downloading malicious malware. We believe that these cyber-attacks are motivated by espionage, with the end-game of the operation being the installation of a backdoor into the computers of high-profile targets in the Uyghur community,” explained Check Point’s head of threat intelligence, Lotem Finkelsteen.

“The attacks are designed to fingerprint infected devices, including all of its running programs. From what we can tell, these attacks are ongoing, and new infrastructure is being created for what looks like future attacks.”

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply