Eric Romang, the researcher that has analyzed the recent Council on Foreign Relations (CFR) watering hole attacks, has found a couple of additional websites targeted in this campaign.
One of them is the site of Taiwanese travel agency PHIL-AM Tour (philam.com.tw). Fortunately, the website has been cleaned up.
The second website, which still hosts the malicious webpage, belongs to a dissident Uygur group known as Uygur Haber Ajansi (uygurunsesi.com). This isn’t the first time when an Uygur ethnic group is targeted
The fact that this particular site has been compromised once again shows that the main targets of this operation are related to China.
Similar to the Capstone Turbine Corporation, another organization found to be targeted
in this watering hole attack, the site of Uygur Haber Ajansi previously hosted the Internet Explorer exploit identified
back in September.