A Look At Advanced Targeted Attacks Through the Lens of a Human-Rights NGO

An anonymous reader writes New research was released on cyber-attacks via human-rights NGO World Uyghur Congress over a period of four years. Academic analysis was conducted through the lens of a human-rights NGO representing a minority living in China and in exile when most targeted attack reports are against large organizations with apparent or actual financial or IP theft unlike WUC, and reported by commercial entities rather than academics. The attacks were a combination of sophisticated social engineering via email written primarily in the Uyghur language, in some cases through compromised WUC email accounts, and with advanced malware embedded in attached documents. Suspicious emails were sent to more than 700 different email addresses, including WUC leaders as well as journalists, politicians, academics and employees of other NGOs (including Amnesty International and Save Tibet — International Campaign for Tibet). The study will be presented at USENIX on August 21, and the full paper is already available.

Why isn't sandboxing standard practice?

[Joe Gillian]

In the article, they mention that the group attacking WUC was using vulnerabilities in Acrobat Reader, but stopped after Adobe added sandboxing to Acrobat - and then promptly switched to using vulnerabilities in MS Office. Why is it that sandboxing isn't a standard for all popular office software? It seems like had MS sandboxed Office, these attacks likely would've ceased altogether for lack of a vector.