Burlington-based computer security firm Arbor Networks says it has detected an aggressive campaign of cyberattacks, probably directed from China and aimed at human rights workers and journalists in Hong Kong and Taiwan, as well as activists supporting independence for Tibet.
Arbor researchers found that four well-known vulnerabilities in Microsoft Corp.’s Rich Text Format (RTF) document format are being used to inject malware into unprotected computers. Infected documents are e-mailed to potential victims as attachments. They feature titles like “One Tibetan Protester is Freed, Two Others Are Jailed,” in hopes of tricking recipients into opening them.
When opened on a vulnerable computer, the attachments will infect the machine with “Trojan horse” malware that can give the attacker total control of the machine and access to all files.
The company said that the attacks resemble a similar onslaught of malware that targeted Uyghur activists between 2009 and 2014. The Uyghurs are a Muslim ethnic group concentrated mainly in northwestern China; in 2009, about 200 died during riots in the region spawned by tensions between Uyghurs and ethnic Chinese residents. The Arbor report said that the targets of the latest attacks and their similarity to the online campaign against Uyghur activists “suggest that the threat actors herein have a Chinese nexus.”