Malicious code planted within compromised pages has become the latest method for attackers targeting government organisations, according to research from security firm Zscaler.
The firm reported a number of government-affiliated sites that have been found to contain code that directs users to attack servers.
The most recent site to become infected was that of the French Budget Minister.
The attack is the latest in what Zscaler sees as a string of site hijackings aimed at government-controlled domains. Researchers have noted previous attacks on systems in the US, Austria and Malaysia.
Zscaler chief executive Jay Chaudhry believes the attacks are not the work of profit-minded criminals looking to harvest bank details, but rather state-sponsored operations aimed at infecting government workers and other high-value targets.
"Most of the time when they go after a government site they are collecting specific pieces of information, a lot of these attacks are to steal state secrets," Chaudhry told V3.
"If they find the right users and figure out a way to infect them with a bot, they have a spy in place with a key target."
Previously, state-sponsored attacks relied on specially-crafted email messages to put spyware tools on the systems of specific targets.
While those attacks have been used in certain advanced persistent threat operations, researchers see hijacked page attacks as more of a wide-ranging operation looking to net large numbers of accounts in hopes of infecting a few key systems.
Further adding to the danger of the attacks, said Zscaler security researcher Julien Sobrier, is the large number of sites and domains being run by most government programmes.
Sobrier told V3 that organisations often leave a few of their less popular sites and portals poorly maintained and protected, leaving a back door open for attackers.
"All of those subdomains can be used to infect the entire site," he explained, "but there may not be as much protection on many of them."