abcnews.go.com
Chinese Hackers Target Tibetan Websites
A Chinese state-sponsored hacking group targeted Tibetan websites to install malware, prompting concerns over cyber espionage and information gathering.
English
United States
ChinaCybersecurityIndo PacificEspionageCyberattackState-SponsoredTibetan IndependenceInformation Security
Insikt GroupRecorded FutureTibet PostGyudmed Tantric UniversityChinese Foreign Ministry
Jon CondraDalai Lama
- What is the likely purpose of the attack?
- The websites were compromised in late May, and the attack overlaps with a previously known group, TAG-102, suggesting a connection.
- What type of malware was installed on users' computers?
- The malware enabled key logging, file transferring, and deployment of additional malware, likely for information collection and surveillance.
- What method did the hackers use to compromise the websites?
- The attack involved a malicious executable file disguised as a security certificate, which installed Cobalt Strike Beacon malware.
- Which group is suspected of being behind the website hacks?
- A Chinese state-sponsored hacking group, TAG-112, compromised the Tibet Post and Gyudmed Tantric University websites.
- What is the Chinese government's response to these accusations?
- The Chinese government denies involvement, while the targeted websites promote Tibetan interests and independence.