
Tibetan activists, diaspora hit by resurfacing malware in cyberespionage operation

Luana PASCU

August 13, 2018


The Tibetan diaspora has once again fallen victim to a sophisticated malware campaign similar to one detected in 2016, reports Citizen Lab after receiving the infected files from one of the targets – a Tibetan NGO.

The campaign appears to have been active between January and March 2018 and closely resembles a malware campaign from 2016; both are allegedly part of the Tropic Trooper operation, in which hackers targeted the governments of Taiwan and the Philippines.

“The Resurfaced Campaign used different exploits and payloads than the Parliamentary Campaign but shares other connections,” reads the report. “The two campaigns used similar spear phishing messages and both targeted Tibetan parliamentarians. One of the e-mail addresses used to send spear phishing messages in the Resurfaced Campaign (tibetanparliarnent[@]yahoo.com) was also used repeatedly during the Parliamentary Campaign.”

Malicious campaigns have so far targeted Tibetan activists, journalists, members of the Tibetan Parliament in exile and the Central Tibetan Administration as part of a large-scale cyberespionage operation. Researchers believe the same hacker group could be behind all the campaigns against the Tibetan diaspora, which has been heavily targeted over the past ten years.

The Tibetan activist who received the infected files was suspicious from the get-go, as this wasn't the first time such an attempt had been made. Even though the email seemed legitimate, it contained a PowerPoint presentation and a text file.

After analyzing the two files, Citizen Lab concluded that both were indeed laced with malicious code designed to infect Windows computers. Whereas the previous campaign relied on targeted malware, known exploits and basic Remote Access Trojans, the 2018 campaign leaned more heavily on social engineering to trick victims into opening the malicious files, and on phishing attempts to steal credentials.

“The campaign used social engineering to trick targets into opening exploit-laden PowerPoint (CVE-2017-0199) and Microsoft Rich Text Format (RTF) documents (CVE-2017-11882) attached to e-mail messages,” writes Citizen Lab. “The malware includes a PowerShell payload we call DMShell++, a backdoor known as TSSL, and a post-compromise tool we call DSNGInstaller.”
