Just-patched Java, IE bugs used to snare human rights sites
The website belonging to non-governmental organization Reporters Without Borders is the latest to be hit by attacks that use the recently patched Java and Internet Explorer vulnerabilities to surreptitiously hijack computers of visitors, security researchers said.
The compromise comes a week after similar attacks successfully commandeered sites belonging to major Hong Kong political parties, Jindřich Kubec, a security researcher with antivirus provider Avast, wrote in a blog post published Tuesday. It’s most likely another example of a “watering hole” attack, in which attackers target the sites their victims are likely to visit, in much the way predators position themselves near a river or lake bed to lie in wait for thirsty prey.
“Such an organization is an ideal target for [a] watering-hole campaign, as it seems right now the miscreants concentrate only on human rights/political sites—many Tibetan, some Uygur, and some political parties in Hong Kong and Taiwan which are the latest hits in this operation,” Kubec wrote. “In our opinion the finger could be safely pointed to China (again).”