Cyber Espionage Unveiled: Targeted Attack on Tibetan-Linked Websites
A Chinese state-sponsored hacking group known as TAG-112 compromised two Tibetan-linked websites, Tibet Post and Gyudmed Tantric University, to install malware on visitors' computers. The campaign is consistent with earlier hacking activity that targeted the Tibetan community for surveillance, and it shows the threat posed by advanced persistent threat groups.
- Country: Thailand
A hacking group suspected to be backed by the Chinese state has breached two websites linked to the Tibetan community, launching an attack designed to infect users' computers with malware, as reported by a private cybersecurity firm.
The sites, Tibet Post and Gyudmed Tantric University, were compromised in order to access the computers of visitors seeking information, according to an analysis by the Insikt Group of Recorded Future.
The attackers, known as TAG-112, misled users into downloading a malicious file posing as a security certificate. This file installs Cobalt Strike Beacon malware capable of keylogging and deploying additional malware. Senior director Jon Condra indicated the group's primary aim was information collection and surveillance.
(With inputs from agencies.)