FILE - The Chinese flag flies at a plaza near the Potala Palace in Lhasa in western China's Tibet Autonomous Region, June 1, 2021, as seen during a government-organized visit for foreign journalists. (AP Photo/Mark Schiefelbein, File)

Chinese hackers target Tibetan websites in malware attack, cybersecurity group says

A hacking group that is believed to be Chinese state-sponsored has compromised two websites with ties to the Tibetan community in an attack meant to install malware on users’ computers

By DAVID RISING
Published - Nov 12, 2024, 10:30 PM ET
Last Updated - Dec 16, 2024, 05:27 PM EST

BANGKOK (AP) — A hacking group that is believed to be Chinese state-sponsored has compromised two websites with ties to the Tibetan community in an attack meant to install malware on users' computers, according to findings released Wednesday by a private cybersecurity firm.

The hack of the Tibet Post and Gyudmed Tantric University websites appears geared toward gaining access to the computers of people visiting the sites, in order to obtain information on them and their activities, according to the analysis by the Insikt Group, the threat research division of the Massachusetts-based cybersecurity consultancy Recorded Future.

The hackers, known in the report as TAG-112, compromised the websites so that visitors are prompted to download a malicious executable file disguised as a security certificate, Insikt Group said. Once opened, the file loads Cobalt Strike Beacon malware on the user's computer, which can be used for keylogging, file transfers and other purposes, including deploying additional malware.

“While we do not have visibility into the activity that TAG-112 conducted on compromised devices in this campaign, given their likely cyber espionage remit and the targeting of the Tibetan community, it is almost certain that they were engaged in information collection and/or surveillance rather than destructive attacks,” Insikt Group senior director Jon Condra told The Associated Press.
