14 DAY TRIAL // While some hackers deface Chinese government sites demanding the freedom of Tibet, others target organizations such as the Central Tibet Administration and International Campaign for Tibet to show that the much desired freedom won’t be obtained easily.
AlienVault Lab experts report that the attacks are launched by the same group of Chinese hackers that are considered responsible for the Nitro hits, the ones designed to steal sensitive information from chemical and defense companies.
The attack begins with an email that carries a malicious Microsoft Office document that exploits a known vulnerability.
Detailed analysis of these emails, which pretend to promote the Kalachakra Initiation, a Tibetan religious festival, actually spread a version of Gh0st RAT (remote access Trojan), which was also utilized in last year’s Nitro operation.
“It is no surprise that Tibetan organizations are being targeted – they have been for years – and we continue to see Chinese actors breaking into numerous organizations with impunity. Unfortunately, in this particular case, these attacks may have a direct impact on the abuse of human rights in these regions,” AlienVault’s Jamie Blasco writes.
The complete analysis of these malicious emails is available here.