Sitemap | Impressum
web2.0 Diaspora Vimeo taz We at Mastodon A-FsA Song RSS Twitter Youtube Tumblr Flickr Wikipedia Bitcoin Facebook Bitmessage Betterplace Tor-Netzwerk https-everywhere
30.05.2016 Malware gegen kritische Journalisten

Keep Calm and Don’t Enable Macros or JavaScript

This report describes a campaign of targeted spyware attacks carried out from 2012 until the present, against Emirati journalists, activists, and dissidents.  The campaign was discovered when an individual mail from an apparently fictitious organization called “The Right to Fight” contacted Rori Donaghy.  

Donaghy, a UK-based journalist and founder of the Emirates Center for Human Rights, received a spyware-laden email in November 2015, purporting to offer him a position on a human rights panel.  Donaghy has written critically of the United Arab Emirates (UAE) government in the past, and had recently published a series of articles based on leaked emails involving members of the UAE government.

CitizenLab in the meantime found 31 public tweets sent by Stealth Falcon, 30 of which were directly targeted at one of 27 victims.  Of the 27 targets, 24 were obviously linked to the UAE, based on their profile information (e.g., photos, “UAE” in account name, location), and at least six targets appeared to be operated by people who were arrested, sought for arrest, or convicted in absentia by the UAE government, in relation to their Twitter activity.

The attacks are working like this:

Donaghy was suspicious of the email, and forwarded it to CitizenLab for analysis.  They found that the link in the email ( loaded a page containing a redirect to the website of Al Jazeera.  Before completing the redirect, it invoked JavaScript to profile the target’s computer.

By chance, the attachment was identified as malicious and blocked by a program running in Donaghy’s email account.  An analysis showed that it links to an image that claims that “This Document Is Secured” and requests that the user “Please enable macros to continue.”

The image attempts to execute code on the recipient’s computer, using a macro.

Read more and find the technical background here

All articles about


Category[21]: Unsere Themen in der Presse Short-Link to this page:
Link to this page:
Link with Tor: nnksciarbrfsg3ud.onion/de/articles/5583-20160530-malware-gegen-kritische-journalisten.htm
Tags: #Cyberwar #UAE #VereinigteArabischeEmirate #Malware #Journalisten #Geheimdienste #Hacking #Trojaner #Cookies #Verschluesselung #Todesstrafe #Hinrichtungen #Zensur #Informationsfreiheit #Anonymisierung #Meinungsmonopol #Meinungsfreiheit #Pressefreiheit #Menschenrechte
Created: 2016-05-30 07:30:30
Hits: 1474

Leave a Comment

If you like a crypted answer you may copy your
public key into this field. (Optional)
To prevent the use of this form by spam robots, please enter the portrayed character set in the left picture below into the right field.
logos Mitglied im European Civil Liberties Network Creative Commons Bundesfreiwilligendienst We don't store user data World Beyond War Tor - The onion router HTTPS - use encrypted connections We don't use JavaScript For transparency in the civil society