The "Operation Poisoned Helmand" operation, as part of the "Poisoned Hurricane" campaign, is reportedly targeting visitors to Afghan government websites, according to the ThreatConnect cybersecurity company. The attacks reportedly originated from China and looks to compromise Internet users visiting gov.af websites - using corrupted JavaScript files.
"We found continued activity from Chinese specific actors that have used the Afghan government infrastructure as an attack platform," said Rich Barger, ThreatConnect CIO, in a statement to Reuters.
As the United States and NATO slowly wind down operations in Afghanistan, it looks like China wants to step up and become more active in the volatile country. This isn't the first time Afghan ministry websites have been targeted, with malware found on justice, foreign affairs, commerce, industry and education ministry websites in the past.