Is the Chinese Government exploiting a hole in Office for Mac?
- 15 February, 2013 19:37
According to Kaspersky and AlienVault Labs, Chinese authorities may be exploiting a security hole in Microsoft Office for Mac to target the Uyghur people, an ethnic group of people who live in parts of Asia and are seeking independence from Chinese rule.
The targeted attacks exploit an old Office for Mac vulnerability (CVE-2009-0563) that was actually fixed over three years ago.
Kaspersky says it has noticed a "significant spike in the number of attacks during Jan 2013 and Feb 2013, indicating the attackers are extremely active at the moment."
Phishing emails have been sent to the Uyghur community that include Microsoft Word documents, which once open, activate a Mac OS X backdoor that "would initiate a connection with the server, and its "tshd_put_file" function was configured to drop stolen data in the "/downloads/" directory located there", writes Kaspersky.
The hackers are able to remotely control the computer and spy on its user's activities.
One of the corrupt files details the "Concerns over Uyghur People's Fundamental Rights Under the New Chinese Leadership". The documents can be identified by the author name: "Captain".
Similar attacks have been reported against other ethnic groups, including the Tibetan people and Uighur activists.
- Provide clients with more powerful, cost-effective cloud hosted services
- Small business technology - This is why your business needs to be in the Cloud
- Simple, Proven, Tranformative
- Rebranded Quadmark revamps its IT solutions with Google Apps
- Vintek partners with IBM to reduce costs and improve system reliability
AMD's Sempron lives on with new desktop chips
Gold Coast-based Icon expands into US
Optus hits 2.3Gbps throughput in real-world test
Australia lags in e-signature adoption: Adobe
Users refuse to chuck XP as Windows 8 uptake flattens