
- A Chinese state-sponsored threat actor is targeting Chinese-speaking opposition through waterholed websites.
- The campaign uses a modular, custom JS surveillance framework, dubbed "Tetris", implementing a wide range of browser features.
- Almost all of Tetris' components have zero AV detections.
- Tetris exploits vulnerabilities in 58 widely used websites, including Aliexpress, Baidu, QQ and Tmall.
- Three different waterholed websites have been found, and there are indications of at least 5 more.

As of the time of this writing, all the components of the framework are undetected by AV, except a 2nd stage detected by "Ikarus". This report is based on exemplary work by Felix, who found 2 waterholed websites which triggered all this research. This report includes several detection and prevention ideas and indicators, for web users and for developers.

Update 22/08/21 – Added 3rd waterholed site and additional mitigations for web users.

Felix has found two sites containing links to the malicious domain googledrivers[.]com. Both are focused on China: one, written in Chinese and still updated, covers its actions against Taiwan and Hong Kong; the other, written in Swedish and last updated in 2016, covers atrocities committed by the Chinese government in general. Both sites appear to be independent news blogs.
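The two sites were identified by the resource loads they make to the malicious domain. The following is an added example, not code from the report or from the Tetris framework, of the check a site owner or researcher can run over fetched HTML to find such references: it extracts external `src`/`href` targets from resource-loading tags, normalises protocol-relative URLs (a common shape for injected loaders), and flags any host that is the indicator domain or a subdomain of it. The only indicator taken from the report is googledrivers[.]com; the sample page is constructed for the demonstration.

```javascript
// Added example: scan fetched HTML for third-party resource loads that point at a
// known watering-hole domain. Only googledrivers[.]com comes from the report;
// everything else here (tag list, sample page) is an assumption for the demo.
const IOC_DOMAINS = ["googledrivers.com"];

// Match src/href attributes on tags that cause the browser to fetch a resource.
const RESOURCE_RE =
  /<(script|iframe|link|img|embed|object)\b[^>]*?\b(?:src|href)\s*=\s*["']?([^"'\s>]+)/gi;

function hostnameOf(url) {
  // Protocol-relative loaders ("//host/path") inherit the page scheme; assume https.
  const normalised = url.startsWith("//") ? "https:" + url : url;
  try {
    return new URL(normalised).hostname.toLowerCase();
  } catch {
    return null; // relative path or data: URI, i.e. not an external load
  }
}

function matchesIoc(host, iocDomains) {
  // Exact match or any subdomain; "notgoogledrivers.com" must not match.
  return iocDomains.some(d => host === d || host.endsWith("." + d));
}

function findWateringHoleRefs(html, iocDomains = IOC_DOMAINS) {
  const hits = [];
  for (const m of html.matchAll(RESOURCE_RE)) {
    const [, tag, rawUrl] = m;
    const host = hostnameOf(rawUrl.replace(/&amp;/g, "&"));
    if (host && matchesIoc(host, iocDomains)) {
      hits.push({ tag: tag.toLowerCase(), url: rawUrl, host });
    }
  }
  return hits;
}

// Constructed sample page: one first-party script, one protocol-relative loader
// from a subdomain of the indicator, one hidden iframe on the indicator apex,
// and one benign external image.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="//cdn.googledrivers.com/jquery.min.js"></script>
</head><body>
<iframe src="https://googledrivers.com/stats?x=1" width="0" height="0"></iframe>
<img src="https://example.org/logo.png">
</body></html>`;

const SAMPLE_HITS = findWateringHoleRefs(SAMPLE_HTML);
console.log(SAMPLE_HITS);
```

Run it with Node against saved copies of pages you host or investigate; a match on a `script` or `iframe` tag is the strongest signal, since those execute or embed attacker-controlled content rather than merely fetching it.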
