The domain name contacted by this malware was also used in the past in attacks that targeted Tibetan activists, Seculert's Raff said. Those older attacks installed both Windows and Mac OS X malware, he said.
Greg Walton, a researcher from MalwareLab, a security outfit that tracks politically motivated malware attacks, said on Twitter that the Mandiant-themed spear-phishing attack targeted journalists in China. This information could not be confirmed by Raff or Dixon, who said that they don't have copies of the original spam emails, only of the malicious attachment they contained.