The Turkish minority residing in the Western region of China is being targeted by the Chinese government who are exploiting security vulnerability in the older versions of Microsoft Office designed for the Mac OS X. Two of the leading online security vendors viz. Kaspersky Labs and AlienVault, who have stated that they have observed a rise in the attacks of a premeditated nature against the Uyghur minority in China who are using Macs. They further commented that the attacks appear to be sponsored by the State and the hackers could be working for the Chinese government.
Chinese Government targets Uyghur group by malware attack
The Turkish minority of Sunni Muslims has always been at odds with the Chinese government and they regularly keep logging heads with the State and call their region of domicile as East Turkestan. The Uyghur had raised mass protests in the years 2009 and 2012 which unfortunately escalated into full fledged riots. That these attacks could be politically motivated can be adjudged from the fact that the targets of these attacks are organizations working for the welfare of the Uyghur community, most notably the World Uyghur Congress. World Uyghur Congress which is a Munich based organization which fights for the rights of the community.
This is not surprising given the fact that the Chinese government is well known for its espionage activities utilizing hacking programs to keep an eye on human right organizations, NGOs, and dissident groups across the nation and abroad. The hackers have spread the malware using spear phishing emails which target members of the Uyghur community. These malicious emails are sent with attachments or topics which are of interest to the Uyghur people and contain attachments of MS WORD files which upon opening lead to the installation of a malware which is done by exploiting the vulnerability found in the outdated versions of MS WORD. The loophole, known as the MaControl backdoor, provides hackers with easy access to the personal and other information and monitors the internet activity of the targets. It can also run malicious commands on the Mac OS X machines. The malware has been designed in such a manner so as to specifically target the Mac computers.
According to Costin Raiu, director of the R&A team at Kaspersky Labs, who stated in a blog that During the past months, we’ve monitored a series of targeted attacks against Uyghur supporters, most notably against the World Uyghur Congress (WUC),” and that “Although some of these attacks were observed during 2012, we’ve noticed a significant spike in the number of attacks during Jan 2013 and Feb 2013, indicating the attackers are extremely active at the moment.”
Kaspersky has gone on to say that these attacks prove that the Advanced Persistent Threat (APT) attacks are still being used by hackers and that Mac devices are not impermeable from such attacks as contrary to the popular belief. Raiu commented that “With these attacks, we continue to see an expansion of the APT capabilities to attack Mac OS X users,”
Well, it seems that members of the Uyghur community will have to continually update their anti-malware software and avoid phishing emails.
