Malware, Threat Intelligence

Chinese malware attack hits Tibetan websites


Tibetan organizations Tibet Post and Gyudmed Tantric University had their websites breached by suspected Chinese state-backed threat operation TAG-112 in late May to spread the Cobalt Strike beacon and facilitate further malware compromise, The Associated Press reports.

TAG-112 may be a subgroup of Chinese advanced persistent threat group Evasive Panda, also known as TAG-102 and StormBamboo, due to significant similarities in attack tactics, techniques, and procedures, an analysis from Recorded Future's Insikt Group revealed. "While we do not have visibility into the activity that TAG-112 conducted on compromised devices in this campaign, given their likely cyber espionage remit and the targeting of the Tibetan community, it is almost certain that they were engaged in information collection and/or surveillance rather than destructive attacks," said Insikt Group Senior Director Jon Condra. Meanwhile, the attribution of the attacks to China was dismissed by the Chinese Foreign Ministry, which said it had no knowledge of the website breaches.
