A Look At Advanced Targeted Attacks Through the Lens of a Human-Rights NGO

An anonymous reader writes New research was released on cyber-attacks via human-rights NGO World Uyghur Congress over a period of four years. Academic analysis was conducted through the lens of a human-rights NGO representing a minority living in China and in exile when most targeted attack reports are against large organizations with apparent or actual financial or IP theft unlike WUC, and reported by commercial entities rather than academics. The attacks were a combination of sophisticated social engineering via email written primarily in the Uyghur language, in some cases through compromised WUC email accounts, and with advanced malware embedded in attached documents. Suspicious emails were sent to more than 700 different email addresses, including WUC leaders as well as journalists, politicians, academics and employees of other NGOs (including Amnesty International and Save Tibet — International Campaign for Tibet). The study will be presented at USENIX on August 21, and the full paper is already available.

Climate scientist too

[mdsolar]

Quite a few computer systems used by climate scientists get targeted as well.

Why isn't sandboxing standard practice?

[timrod]

In the article, they mention that the group attacking WUC was using vulnerabilities in Acrobat Reader, but stopped after Adobe added sandboxing to Acrobat - and then promptly switched to using vulnerabilities in MS Office. Why is it that sandboxing isn't a standard for all popular office software? It seems like had MS sandboxed Office, these attacks likely would've ceased altogether for lack of a vector.

Re:Why isn't sandboxing standard practice?

[Thanshin]

had MS sandboxed Office, these attacks likely would've ceased altogether for lack of a vector.

Had MS sandboxed Office, the attack vector would be MS sandbox.

Re:Why isn't sandboxing standard practice?

[1u3hr]

People have been asking that FOR 20 FUCKING YEARS
===========
http://www.f-secure.com/v-desc...
Virus:W32/Concept
Virus:W97M/Concept also known as Word Prank Macro or WW6Macro - is a macro virus which has been written with the Microsoft Word v6.x macro language. It has been reported in several countries, and seems to have no trouble propagating in the wild.

WM/Concept used to be extremely widespread during 1995-1997.
===========
I remember back in 2000, my boss asking "How do I run this "I Love You" macro someone sent me?"

Word macros were cool and useful, until Microsoft decided it was clever to embed them in the document.

And they did the same fucking thing with "Windows Media"
And USB autoexec

Always prioritising some gimmicky shit that allowed advertisers to push crap over security, and allowed any asshole to take over your PC by getting you to open a document or media file.
.

Re:to understand the attacks, understand NGO.

[poity]

Your claim is the WUC orchestrated the 2009 Urumqi riots. You also imply that those riots were comparable to terrorism.

Re:NGO?

[Livius]

Because the "non-governmental" part matters.

Re:NGO?

[hey!]

Because "NGOs" operate in spheres like humanitarian relief and social justice which require them to rub elbows with governments and government sponsored entities. In some cases the kinds of work they do may even overlap, as might happen when FEMA and the Red Cross deploy after a major disaster like a hurricane.

In those cases it's useful to differentiate between government organizations like FEMA or the Coast Guard and non-Governmental organizations like Red Cross or Doctors Without Borders.

Advanced Sophisticated cyber-email attachment atta

[lippydude]

Slashdot is getting as bad as the conventional tech press in your inability to mention the Operating System that the vast majority of these cyber-attacks run on or require to vector the malware onto peoples 'computers'.