A new hacking campaign targeting the Uyghur community in China and Pakistan has been jointly discovered by security researchers at Check Point and Kaspersky.
To lure their targets, the hackers sent Word documents embedded with the image of the United Nations Human Rights Council. It is easy to understand why: Uyghurs who have been harassed by the Chinese government are likely to be interested in this subject, which motivates them to download and open these documents.
These Word documents contain malicious VBA macros that will be activated if the user exits Protected Mode and agrees to enter “Edit Mode”.
From there, the malicious code will try to connect to a command and control server and download the second part of the malware, which the researchers unfortunately failed to intercept.
Another treacherous way to deceive the Uyghurs is through fake websites that look like Turkish cultural foundations. These sites offer, in particular, aid. Those who wish to apply are invited to download and run “security software” to verify the security status of the computer and the local network.
This software simulates a scan, but in reality it collects information about the machine, such as the technical characteristics of the machine and a list of installed programs. This data is then sent to the command and control server.
According to the researchers, this is a targeted campaign. It was aimed only at a “low number of Uyghurs in Xinjiang and Pakistan”.
Unfortunately, the techniques used could not be linked to any known hacker group. What can be said at this time is that the hackers are probably Chinese-speaking.
Source: Check Point