you're reading...


Watering hole attack targets Chinese dissidents

A fresh “watering hole” campaign that targets Chinese government dissidents is under-way, according to security firm FireEye.

In a watering hole attack scenario, a trendy scheme used to conduct cyber espionage, a website frequented by a targeted victim list is seeded with malware so that when they visit the site, they are hit with the exploit. In this case, the exploit was being served from two Chinese news sites that are frequented by Chinese government dissenters.

FireEye researchers Thoufique Haq and Yasir Khalid explained last week in a blog post that the ambush makes use of a vulnerability in Internet Explorer 8 that was just patched in Microsoft’s March security update. And the bug is a likely candidate to be rolled into other exploits.

Here’s where I first heard about it:


And the original source:



No comments yet.

Post a Comment