Two Nepalese government websites have been compromised and injected with malicious code that tries to exploit the Java vulnerability CVE-2012-0507. This breach was detected by the Websense ThreatSeeker Network.
The two websites belong to the National Information Technology Center (NITC) and the Office of the Prime Minister and Council Minister (nitc.gov.np and opmcm.gov.np respectively).
According to Web filtering software company Websense, the aim of this injection is to install, through successfully exploiting that Java weakness, a backdoor that is also dubbed "Zegost" on the systems of visitors to these websites.
This vulnerability (CVE-2012-0507) was also used in the Amnesty International UK website compromise and in the INSS website compromise. The backdoor variant in this attack is known to have been used in other targeted attacks that were aimed at Uyghurs, Tibetans, and others in that area.
A detailed analysis of this attack can be found here. The websites were reportedly hacked in early 2012.
Sign up for MIS Asia eNewsletters.