Cyber Espionage Unveiled: Targeted Attack on Tibetan-Linked Websites

A Chinese state-sponsored hacking group known as TAG-112 targeted Tibetan-linked websites, Tibet Post and Gyudmed Tantric University, to install malware. This cyber espionage aligns with historical hacker activities against the Tibetan community for surveillance, revealing threats from advanced persistent threat groups.


Devdiscourse News Desk | Bangkok | Updated: 13-11-2024 19:48 IST | Created: 13-11-2024 19:48 IST

A hacking group suspected to be backed by the Chinese state has breached two websites linked to the Tibetan community, launching an attack designed to infect users' computers with malware, as reported by a private cybersecurity firm.

The compromise of the two sites, Tibet Post and Gyudmed Tantric University, was aimed at gaining access to the computers of visitors seeking information, according to an analysis by the Insikt Group of Recorded Future.

The attackers, known as TAG-112, misled users into downloading a malicious file posing as a security certificate. This file installs Cobalt Strike Beacon malware capable of keylogging and deploying additional malware. Senior director Jon Condra indicated the group's primary aim was information collection and surveillance.

(With inputs from agencies.)
