Chinese Government targets Uyghur group by malware attack

An old vulnerability in Word for OS X is being used in increasing levels of attacks, probably government-sponsored hacking programs against Uyghur group, including Tibetans, NGOs and human rights organizations.

A number of attacks have been seen directed at the World Uyghur Congress, a Munich-based organization that promotes human rights. Potential victims are often tricked by so-called spear phishing attacks, the targets receive an e-mail with a subject relevant to their interests, and a Word document attached.

When they open the document, TinySHell exploits a vulnerability and then infects the computer. Exploit allows long-term monitoring or even control of the compromised system though a backdoor it installs. The malware is configured to connect to command and control servers that have been used for years in APT attacks.

All the attacks use exploits for the CVE-2009-0563 (Microsoft Office) vulnerability and The backdoor also includes hard-coded functionality to pull down an arbitrary executable from the C2s.

Kaspersky recommend users to Update all software (especially Word) that you have on your computer and to use Chrome or other browsers that include fraud-detection features.