Chinese hackers are using a novel technique

Chinese hackers are using a new watering hole attack to circumvent popular web privacy tools, according to researchers at security firm AlienVault.

These attacks commonly target particular groups through certain websites, which in this case include international non-governmental organisations (NGOs) and Uyghur and Islamic websites.

The attackers compromise websites used by the groups and include malicious content that is executed when users access the affected websites.

The researchers found that Chinese hackers are exploiting vulnerabilities in China’s most-visited websites to target individuals accessing web content state censors consider hostile.

Even users deploying popular web privacy tools, such as TOR browsers or virtual private network(VPN) connections, to bypass government surveillance are vulnerable to this latest watering hole attack.

The attack uses a novel technique AlienVault researchers said they have not seen before with watering hole attacks.

First, the attackers compromise several Chinese-language websites associated with NGOs, Uyghur communities and Islamic associations.

Next, the attackers modify the content of the website and include a JavaScript file from a malicious server that exploits JSONP hijacking vulnerabilities in more than 15 different Chinese websites, including the four most popular sites.

read more

Source: Computer Weekly

Tags ,

Related posts