Date
13 December 2017
Cyber security experts in the United States are linking the malware to Chinese intelligence. Photo: Reuters
Cyber security experts in the United States are linking the malware to Chinese intelligence. Photo: Reuters

China-linked malware infecting visitors to official Afghan sites

Visitors to Afghan government websites are being infected with malicious software likely linked to China.

ThreatConnect, a United States cybersecurity firm, said its researchers last week found a corrupted JavaScript file being used to host content on the Afghan websites, Mail Online reported Tuesday.

There are no antivirus programs available for the malware, it said.

Rich Barger, chief intelligence officer of ThreatConnect, told Reuters his company is confident the new campaign, called “Operation Poisoned Helmand”, has links to the “Poisoned Hurricane” operation detected this summer by another security firm, FireEye, which linked it to Chinese intelligence.

He said the latest attack was very recent and one timestamp associated with the Java file was from Dec. 16, the same day Chinese Premier Li Keqiang visited Kazakhstan to meet with Afghan leader Abdullah Abdullah.

China is seeking to take a more active role in Afghanistan as the United States and its NATO allies reduce their military presence.

“We found continued activity from Chinese-specific actors that have used the Afghan government infrastructure as an attack platform,” Barger said.

He said Chinese intelligence could use the malware to reach a wide array of global targets checking trusted Afghan government sites for information.

– Contact us at [email protected]

FL/RA

EJI Weekly Newsletter

Please click here to unsubscribe