Alleged Chinese state-sponsored hackers are behind a barrage of emails that aim to collect intelligence from a range of targets in Tibet, including a pro-independence political party and a prominent media organization, according to findings provided exclusively to Bloomberg News.
The hacking group known as TA413 uses phishing emails and customized malicious software to collect intelligence likely on behalf of the Chinese government, according to Recorded Future Inc., a Massachusetts-based cybersecurity firm.
Hackers exploited a zero-day vulnerability in a Sophos security technology to target Tibetan entities including the Tibet Times, a newspaper that’s operated in exile since 1996, the Tibetan Youth Congress and the Tibetan National Congress, according to research published Thursday.
Recorded Future said TA413 “has been particularly relentless in its targeting of the Tibetan community,” with a special focus on monitoring sources of information from Tibet. The targeted entities are located in Dharamshala, in northern India, beyond the grasp of Chinese law enforcement, but vulnerable to digital spying.
Tenzin Rabyang, the managing director for the Tibet Times, said the newspaper regularly reports on people in Tibet who have gone missing or been arrested, and has become the target of frequent cyber-espionage attempts. “We’re a small media house, we don’t have a technical person on staff to constantly watch the back-end and see what is happening to our website,” he said.
The malicious activity results in website downtime and lost photos, he said. Staffers back up their systems using physical hard drives, while technical specialists work to salvage data from hacked systems.
“The Chinese have kept strict vigilance on the outflow of news, compared to seven or eight years ago, it’s much more difficult now,” Rabyang said.
In one case, TA413 hackers masqueraded as the Central Tibetan Administration, the government in exile, promising a grant for female photographers. In fact, the messages included malicious Microsoft attachments that would have given the spies access to victims’ data.
Edited & Collated by Team TRC