Security researcher Eric Romang continues to investigate the campaign
The second website, which still hosts the malicious webpage, belongs to a dissident Uygur group known as Uygur Haber Ajansi (uygurunsesi.com). This isn’t the first time when an Uygur ethnic group is targeted by cybercriminals.
The fact that this particular site has been compromised once again shows that the main targets of this operation are related to China.
Similar to the Capstone Turbine Corporation, another organization found to be targeted in this watering hole attack, the site of Uygur Haber Ajansi previously hosted the Internet Explorer exploit identified back in September.