Chinese hackers are targeting local users with watering hole attacks capable of bypassing Tor and VPN defences, according to a researcher at AlienVault.
Jaime Blasco reported uncovering the wave of attacks after Indiana University PhD student Sumayah Alrwais notified the firm through RSA Labs.
"[We've seen] a series of watering hole attacks that have been targeting NGO, Uyghur and Islamic websites since at least October 2013, with the most recent attack discovered a few days ago," read the report.
The attacks reportedly use several popular Chinese language websites associated with NGOs, Uyghur communities and Islamic associations to spy on privacy-focused web users.
Watering hole attacks infect computers with malicious code by hijacking trusted websites often visited by the victim and transforming them into malware-distribution tools.
Blasco explained that the use of JSONP allows the attackers to siphon off large amounts of data, including gender, birth date, real name and user ID, despite the victims' use of a VPN or Tor.
He added that the attacks are heavily targeted and do not exploit direct vulnerabilities in Tor.
"It is really important to understand the differences between anonymity and privacy. For instance, if you are using Tor or a VPN service that encrypts your communications, it is going to give you a certain level of privacy, but your anonymity is still at risk," he said.
"Anonymity is the idea of being 'non-identifiable' or 'un-trackable', but it is hard to remain anonymous if you are using services where you have revealed personal information and you browse other sites that can exploit vulnerabilities to access your personal information."
The news follows widespread concerns about efforts by law enforcement and government agencies to track VPN and Tor users.
Professor Sambuddah Chakravarty, from the Indraprastha Institute of Information Technology in Delhi, reported in November 2014 that nearly 80 percent of Tor users were vulnerable to network analysis attacks. The Tor Project has constantly denied this claim.
The US and UK governments have both argued that encrypted services such as Tor and VPNs hamper law enforcement and intelligence agencies' ability to track terrorist and criminal groups and are considering legislation curtailing their use.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago