Tibetan organisations attacked by Chinese spearphishing

By

Messages contained remote access trojan.

A range of spearphishing attacks sent allegedly from China against Tibetan organisations have been detected.

Tibetan organisations attacked by Chinese spearphishing
AlienVault researchers who discovered the attacks said Tibetan activist organisations including the Central Tibet Administration and International Campaign for Tibet were targeted.
 
The messages carried information on the Tibetan religious festival Kalachakra Initiation, and included a malicious PDF attachment that exploited a patched stack overflow Microsoft vulnerability.
 
It executed the Gh0st remote access Trojan which enabled a range of functions from data exfiltration to activating a target computer's microphone. 
 
AlienVault head of labs Jaime Blasco said the attack used command-and-control servers to grant remote control of infected machines and change the structure and purpose of the malware program.
 
That allowed attackers to remotely adapt the infection in response to changing circumstances, such as updates to anti-virus software. VirusTotal found that these obfuscation steps meant the infection was detected by just two anti-virus vendors at the time of the attacks.
 
The attacks likely originated from the same group of Chinese hackers that launched the Nitro attacks against chemical and defence companies late last year, according to researchers. They said the tool appeared to be the same variant used in the Nitro attacks.
 
The digital certificate used to sign the tool was revoked by VeriSign in December last year.
 
AlienVault previously detected Chinese attacks against US government agencies, including the US Department of Defense which used a new strain of the Sykipot malware to compromise smartcards.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
alienvaultemailphishingratsecurity

Sponsored Whitepapers

Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?