The latest Java zero-day saga continues, with a rights group claiming that the UAE government used the vulnerability in an attempt to get spyware onto a machine belonging to an activist.
The flaw emerged last week and various hacked websites were seen serving up exploits. Oracle released an out-of-band update over the weekend and urged the users to immediately patch their software.
Many remain concerned about who has taken advantage of the vulnerability, and to what ends.
The campaign group believes the UAE government is behind this attack, as well as other campaigns against activists based in the country. At the time of publication, the UAE embassy in London had not responded to a request for comment.
The Java vulnerability was unpatched when the activist in the UAE received the email. The spyware examined by Bahrain Watch would be undetectable by the majority of anti-virus software.
“Based on a memory image of an infected computer, the payload appears to be similar to the SpyNet Remote Administration Toolkit, or a piece of spyware derived from the SpyNet source code,” reads the blog from Bahrain Watch.
“SpyNet reportedly offers a full suite of functionality on a victim’s computer to the attacker, including keylogging and password stealing, viewing a victim’s screen, and turning on a victim’s webcam.
“SpyNetCoder – the individual who writes SpyNet – apparently offered to sell a version of his source code for $300.”
The domain name associated with the attackers’ command and control infrastructure “has been used many times over the past three months in attacks on UAE activists”, the group claimed.
“Bahrain Watch believes that the UAE Government is behind ongoing attacks on UAE activists, including this attack. This is the first instance of a cyberattack against UAE or Bahraini activists that has involved the compromise of a third-party website, as far as Bahrain Watch is aware,” it added.
“Those who operate in a way that is contrary to the government’s political wishes in the UAE and Bahrain are under constant attack from a number of threats, including spyware. Bahrain Watch advises Internet users to avoid clicking on unsolicited links, or opening unsolicited email attachments, even those purportedly from friends.”
This certainly isn’t the first time someone claims that activists in the Middle East have been targeted by spyware. In October, Ahmed Mansoor, a prominent blogger and part of the UAE Five, a group of Emirati activists who were imprisoned from April to November 2011 on charges of insult, was targeted by surveillance malware, according to the Citizen Lab.
Last year, British firm Gamma International was implicated in selling spying kit to a Middle-Eastern government, after researchers found spy malware sent to activists in Bahrain was linked to the firm’s software. Gamma later denied claims it had been selling products to any oppressive regimes.
What do you know about online security? Try our quiz and find out.
After the United States imposes 100 percent tariffs on certain Chinese goods, Europe widens its…
OpenAI strikes deal with Reddit to train its AI tech on user posts and give…
Global spending spree from Microsoft continues, with huge investment for new data centre to drive…
Workforce blow. Newly privatised Toshiba has embarked on a 'revitalisation plan' that will entail the…
European Commission opens an official child safety investigation into Facebook and Instagram-owner Meta Platforms
Hundreds of AI and cloud engineers are being offered relocation out of China by Microsoft,…