Tech giant Microsoft has reportedly patched a serious Windows bug that allowed China government-backed hackers, who previously targeted the Tibetan government-in-exile based in Dharamshala, to actively exploit it in Microsoft Office to steal and delete users' data.
According to cyber-security firm Proofpoint, the newly-discovered zero-day vulnerability titled 'Follina' in Microsoft Office was being exploited by advanced persistent threat (APT) group 'TA413' linked to the Chinese government. Details shared by Proofpoint on Twitter had suggested that a hacking group labeled TA413 was using the vulnerability (named “Follina” by researchers) in malicious Word documents purported to be sent from the Central Tibetan Administration, the Tibetan government in exile based in Dharamsala. The TA413 group is an APT, or “advanced persistent threat,” actor believed to be linked to the Chinese government and has previously been observed targeting the Tibetan exile community.
"Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability," Microsoft said in its latest advisory on Wednesday.
Chinese hackers have tried to target Tibetans and steal data using security flaws time and again. The security vendor Proofpoint had stated that it had seen low-level phishing campaigns against the Tibetan diaspora since March 2020, but that these took another turn in the first two months of 2021 with the use of a customized malicious extension dubbed “FriarFox.
The official Twitter handle of Tenzin Lekshay, the spokesperson and additional secretary, Department of Information and International Relations for the Central Tibetan Administration [CTA] had mysteriously disappeared on January 17, 2022 and it still remains suspended.
By Team TRC