A diversification of targets for a clever keylogging attack suggests that several hacking groups may be using the “ScanBox” framework, which spies on users without installing malicious software.
ScanBox was found in August by the security company Alien Vault on the website of a large industrial company that develops simulation and engineering software for aerospace and manufacturing companies.
PricewaterhouseCoopers wanted to see if ScanBox was more widespread and found it on a more diverse set of websites, including one for the Uyghur community in China, an industrial-related website in Japan, a U.S. think tank and a Korean hospitality site.
PricewaterhouseCoopers says that ScanBox is "particularly dangerous as it does not require malware to be successfully deployed to disk in order to steal information."
Here is a recent Think Tank Watch post about Chinese hackers targeting Middle East scholars at think tanks.