Malicious software likely linked to China was used to infect visitors to a wide range of official Afghan government websites, U.S. cybersecurity researchers say.

ThreatConnect, a Virginia-based cybersecurity firm, said its researchers last week found a corrupted JavaScript file that was used to host content on “” websites, and there are no known antivirus protections available for the malware.

Rich Barger, chief intelligence officer of ThreatConnect, told Reuters his company was confident the new campaign, “Operation Poisoned Helmand,” was linked to the “Poisoned Hurricane” campaign detected this summer by another security firm, FireEye, that linked it to Chinese intelligence.

He said the latest attack was very recent and one timestamp associated with the Java file was from Dec. 16, the same day Chinese Prime Minister Li Keqiang met with Afghanistan’s chief executive officer, Abdullah Abdullah in Kazakhstan.

Read more

Related Articles