Visitors to Afghan government websites are being infected with malicious software likely linked to China.
There are no antivirus programs available for the malware, it said.
Rich Barger, chief intelligence officer of ThreatConnect, told Reuters his company is confident the new campaign, called “Operation Poisoned Helmand”, has links to the “Poisoned Hurricane” operation detected this summer by another security firm, FireEye, which linked it to Chinese intelligence.
He said the latest attack was very recent and one timestamp associated with the Java file was from Dec. 16, the same day Chinese Premier Li Keqiang visited Kazakhstan to meet with Afghan leader Abdullah Abdullah.
China is seeking to take a more active role in Afghanistan as the United States and its NATO allies reduce their military presence.
“We found continued activity from Chinese-specific actors that have used the Afghan government infrastructure as an attack platform,” Barger said.
He said Chinese intelligence could use the malware to reach a wide array of global targets who check trusted Afghan government sites for information.