Uygur and Taiwanese Travel Agency Sites Also Targeted in CFR Attack

Security researcher Eric Romang continues to investigate the campaign

By on January 4th, 2013 08:44 GMT

Eric Romang, the researcher that has analyzed the recent Council on Foreign Relations (CFR) watering hole attacks, has found a couple of additional websites targeted in this campaign.

One of them is the site of Taiwanese travel agency PHIL-AM Tour ( Fortunately, the website has been cleaned up.

The second website, which still hosts the malicious webpage, belongs to a dissident Uygur group known as Uygur Haber Ajansi ( This isn’t the first time when an Uygur ethnic group is targeted by cybercriminals.

The fact that this particular site has been compromised once again shows that the main targets of this operation are related to China.

Similar to the Capstone Turbine Corporation, another organization found to be targeted in this watering hole attack, the site of Uygur Haber Ajansi previously hosted the Internet Explorer exploit identified back in September.


Uygur Haber Ajansi website targeted in watering hole attack
   Uygur Haber Ajansi website targeted in watering hole attack