60th anniversary of Communist rule kicks off malware attacks
by Steve Ragan - Sep 22 2009, 20:20
Reuters has an interesting story this morning. The upcoming anniversary of Communist rule over mainland China has apparently kicked off a wave of attacks targeting foreign media.
The targeted attacks, centering on foreign reporters, rights activists, and other groups, use email with malicious attachments to try to infect the recipients’ systems. So far, reporters in Beijing and Shanghai have seen malicious emails with attachments that attempt to exploit vulnerabilities in Adobe’s Reader software.
It would appear that Reuters caught wind of the story because they were a part of it. A series of emails from a “Pam Bouron” were sent to those working out of Beijing and Shanghai, asking for assistance in setting up interviews. The problem is that Reuters has no such person working with them.
In addition to Reuters, journalists from the Straits Times, Dow Jones, Agence France Presse, and Ansa each received similar emails. While investigating the emails, Reuters noted that they were sent to people who would often never see their name in by-lines, as the email campaign mostly stuck with assistants.
In an interview with Reuters, Nicholas Bequelin of Human Rights Watch in Hong Kong said, “There is definitely a pattern of virus attacks in the run-up to important dates on the Chinese political calendar. Whether the government is behind it, closes its eyes to it, supports it or has nothing to do with it is unclear. There are also patriotic hackers, so there is no way to know for sure who is behind it.”
The idea that foreign media would be targeted by criminals or government officials in China is nothing new. However, we do find it odd that they would target Reuters, which is arguably the largest media organization in the world, as if Reuters wouldn’t check into Pam Bouron. Yet, at the same time, this story demonstrates the importance of ensuring proper patching.
While in this case it was a traveling reporter, more often than not hardware is sent into the field with the sales force. Those assets need to be monitored and secured in the same fashion that one would patch desktops located in cubicles. It wasn’t a fluke that the malicious emails targeted out-of-date Adobe software. This is why it is important that IT ensures that anyone who is outside of the office keeps all of the installed software updated.
The Reuters report did not mention anyone being infected by the malicious attachments, but before the 60th anniversary of the Communist Party’s takeover on October 1, the odds of someone being infected are good, if enough emails are sent out.
The overall goal of the malware is unknown. Reuters did not mention any testing or research into the malicious attachments. However, they did note that similar emails appeared shortly before the Olympics last year.