Chinese hackers brought down all major Afghanistan Government websites by hacking an official CDN used in the country.
Experts from the ThreatConnect Intelligence Research Team (TCIRT) recently reported an operation, dubbed Operation Helmand, run by a group of Chinese hackers that attacked the entire Afghan government web network. The hackers allegedly used a targeted cross-site scripting (XSS) “drive-by” attack on the principal Content Delivery Network (CDN) used in Afghanistan.
CDN platforms are an essential component of web publishing: they dynamically deliver web content on behalf of public and private entities. By compromising a CDN, an attacker can reach a wide audience, which makes these platforms a privileged target for threat actors.
An attacker can exploit a CDN platform, for example, to serve malicious content and compromise visitors’ systems.
In this specific case, the attackers ran a targeted cross-site scripting (XSS) “drive-by” attack that leveraged a single CDN to spread a malicious Java applet through the major Afghanistan websites.