A Look At Advanced Targeted Attacks Through the Lens of a Human-Rights NGO 25
An anonymous reader writes New research was released on cyber-attacks via human-rights NGO World Uyghur Congress over a period of four years. Academic analysis was conducted through the lens of a human-rights NGO representing a minority living in China and in exile when most targeted attack reports are against large organizations with apparent or actual financial or IP theft unlike WUC, and reported by commercial entities rather than academics. The attacks were a combination of sophisticated social engineering via email written primarily in the Uyghur language, in some cases through compromised WUC email accounts, and with advanced malware embedded in attached documents. Suspicious emails were sent to more than 700 different email addresses, including WUC leaders as well as journalists, politicians, academics and employees of other NGOs (including Amnesty International and Save Tibet — International Campaign for Tibet).
The study will be presented at USENIX on August 21, and the full paper is already available.
Re:Why isn't sandboxing standard practice? (Score:5, Funny)
had MS sandboxed Office, these attacks likely would've ceased altogether for lack of a vector.
Had MS sandboxed Office, the attack vector would be MS sandbox.