
Chinese hackers target Tibetan websites in malware attack, cybersecurity group says


BANGKOK — A hacking group that is believed to be Chinese state-sponsored has compromised two websites with ties to the Tibetan community in an attack meant to install malware on users’ computers, according to findings released Wednesday by a private cybersecurity firm.

The hack of the Tibet Post and Gyudmed Tantric University websites appears geared toward obtaining access to the computers of people visiting to obtain information on them and their activities, according to the analysis by the Insikt Group, the threat research division of the Massachusetts-based cybersecurity consultancy Recorded Future.

The hackers, known in the report as TAG-112, compromised the websites so that visitors are prompted to download a malicious executable file disguised as a security certificate, Insikt Group said. Once opened, the file loads Cobalt Strike Beacon malware on the user’s computer that can be used for key logging, file transferring and other purposes, including deploying additional malware.

“While we do not have visibility into the activity that TAG-112 conducted on compromised devices in this campaign, given their likely cyber espionage remit and the targeting of the Tibetan community, it is almost sure that they were engaged in information collection and/or surveillance rather than destructive attacks,” Insikt Group senior director Jon Condra told The Associated Press.

“This behavior aligns with historical targeting of the Tibetan community,” he said.

Chinese authorities have consistently denied any form of state-sponsored hacking, saying China itself is a major target of cyberattacks.

The Chinese Foreign Ministry said it was not aware of the hacking of the two websites reported by the Insikt Group.

“China’s stance on the issue of cybersecurity is consistent and obvious,” the ministry said in a faxed reply to a request for comment without elaborating.

According to the Insikt Group research, the sites were first compromised in late May and the attacks bear many overlaps with a previously tracked hacker group known as TAG-102, leading analysts to conclude it is a subgroup of the already known group “working toward the same or similar intelligence requirements,” Insikt Group said.

Overlaps include reuse of specific tactics, techniques and procedures and going after identical targets, Condra said.

“These two threat clusters are almost certainly interrelated,” he said.

TAG-102, known by multiple names such as Evasive Panda and StormBamboo, has been in operation since as early as 2012, and is widely thought to be a Chinese-sponsored advanced persistent threat, or APT, group, Insikt Group said.

Among other things, it uses custom malware frameworks used by other Chinese APT groups and its targeting “aligns with likely Chinese intelligence requirements,” Condra said.

“The group has engaged in a wide variety of campaigns over the years, with an emphasis on targeting individuals and organizations in opposition to the Chinese government, such as human rights organizations, religious organizations, ethnic minority groups, academic institutions, and supporters of democracy or independence movements in Taiwan, Hong Kong, and even in mainland China,” Insikt Group said.

The university and the news website, which are both located in India, have been informed by Insikt Group of the hack. As of this week, it appears the Gyudmed Tantric University, which is a place of learning about Tibetan Buddhism, language, history and culture, has remediated the issue while the news website remained compromised, Condra said.

The Tibet Post is known for promoting democracy, freedom of speech and for advocating Tibetan independence from China, he said.

China claims Tibet has been part of its territory for centuries, although it only established firm control over the Himalayan region after the Communist Party swept to power during a civil war in 1949.

Many Tibetans’ loyalties still lie with the Dalai Lama, the spiritual leader who has lived in exile in India since a failed anti-Chinese uprising in 1959.

China has been regularly accused of human rights abuses in Tibet, including earlier this year over its efforts to forcibly urbanize villagers and herders as part of a drive to assimilate rural Tibetans through control over their language and traditional Buddhist culture.


