Chinese hackers are targeting Tibetan websites with malware attacks, cybersecurity group says

BANGKOK – A hacking group believed to be sponsored by the Chinese state compromised two websites linked to the Tibetan community in an attack intended to install malware on users’ computers, according to findings released Wednesday by a private cybersecurity firm.

The hack of the Tibet Post and Gyudmed Tantric University websites appears to be aimed at gaining access to the computers of people who visit, to obtain information about them and their activities, according to the analysis by Insikt Group, the threat research arm of the Massachusetts-based cybersecurity consultancy Recorded Future.

The hackers, known in the report as TAG-112, compromised the websites so that visitors are prompted to download a malicious executable disguised as a security certificate, Insikt Group said. Once opened, the file loads Cobalt Strike Beacon malware onto the user’s computer, which can be used for keylogging, file transfers and other purposes, including deploying additional malware.

“While we have no insight into the activities TAG-112 conducted on compromised devices during this campaign, given their likely cyber espionage mission and the targeting of the Tibetan community, it is almost certain that they were involved in intelligence gathering and/or surveillance instead of destructive attacks,” Jon Condra, senior director of the Insikt Group, told the Associated Press.

“This behavior is consistent with the historical targeting of the Tibetan community,” he said.

Chinese authorities have consistently denied any form of state-sponsored hacking; China itself is a major target of cyberattacks.

China’s Foreign Ministry said it was not aware of the hacking of the two websites reported by the Insikt Group.

“China’s position on the issue of cybersecurity is consistent and clear,” the ministry said in a faxed response to a request for comment, without elaborating.

According to Insikt Group’s research, the sites were first compromised in late May, and the attacks overlap heavily with those of a previously tracked hacker group known as TAG-102. Analysts conclude that TAG-112 is a subgroup of the already known group that “works on the same or similar intelligence requirements,” according to Insikt Group.

Overlaps include the reuse of specific tactics, techniques and procedures and the pursuit of identical goals, Condra said.

“These two threat clusters are almost certainly linked,” he said.

TAG-102, known by multiple names such as Evasive Panda and StormBamboo, has been active since 2012 and is widely considered a Chinese-sponsored advanced persistent threat, or APT, group, according to Insikt Group.

Among other things, it uses customized malware frameworks used by other Chinese APT groups and its targeting “is consistent with likely Chinese intelligence requirements,” Condra said.

“The group has conducted a wide variety of campaigns over the years, with an emphasis on targeting individuals and organizations that oppose the Chinese government, such as human rights groups, religious organizations, ethnic minority groups, academic institutions and supporters of democracy or independence movements in Taiwan, Hong Kong and even mainland China,” said Insikt Group.

The university and the news website, both based in India, were informed of the hack by Insikt Group. As of this week, it appears that Gyudmed Tantric University, a place to learn about Tibetan Buddhism, language, history and culture, has resolved the problem while the news website remained compromised, Condra said.

The Tibet Post is known for promoting democracy, freedom of expression and advocating Tibetan independence from China, he said.

China claims Tibet has been part of its territory for centuries, although it only gained firm control over the Himalayan region after the Communist Party came to power during a civil war in 1949.

The loyalty of many Tibetans still lies with the Dalai Lama, the spiritual leader who has lived in exile in India since a failed anti-Chinese uprising in 1959.

China is regularly accused of human rights violations in Tibet, including earlier this year over its efforts to forcibly urbanize villagers and herders as part of an effort to assimilate rural Tibetans through control over their language and traditional Buddhist culture.

Copyright 2024 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.