Chinese Uyghur Dissidents Targeted by Mac Malware
A Chinese minority group is the target of a new concerted wave of cyberattacks involving an old vulnerability in Microsoft Word.
The hackers, likely working on behalf of the Chinese government, are using Mac OS X malware to spy on dissidents agitating for Uyghur national rights in western China, security firms Kaspersky Lab and AlienVault reported Wednesday (Feb. 13).
The Uyghur are a Sunni Muslim group of Turkic-speaking Eurasians, many of whom are at odds with the Chinese government and call their homeland "East Turkestan."
Most of the targets of the Mac malware have been members of the Munich-based World Uyghur Congress, who become infected by opening booby-trapped Word documents attached to spear-phishing emails.
The Word documents are labeled with titles such as "Concerns over Uyghur People," "Uyghur Political Prisoner" and, ironically, "WUC Hacking Emails."
Using a Microsoft Word vulnerability that was patched in 2009, attackers are able to steal an infected computer's address book.
The Word vulnerability affected Windows 2000 and Windows XP as well, but the malware observed by Kaspersky and AlienVault researchers affected only Macs.
In 2003, the Chinese government labeled the World Uyghur Congress a terrorist group.
Chinese state-sponsored hackers have been implicated in other attacks upon ethnic dissidents in the past, including one last month that used an Internet Explorer zero-day exploit to target Uyghurs.
Other attacks last year involved Trojans spying on Tibetan exiles who were using Macs.
These latest attackers were successful because the victims had not kept their software up to date. Had the victims done so, it would have been much more difficult to steal their contact lists.
Whether you're a political activist or just a regular Joe, it's always a good idea to keep on top of software updates and to install a quality anti-virus package.