Network Security, Threat Intelligence

Chinese malware attack hits Tibetan websites

Credit: Adobe Stock Images

Tibetan organizations Tibet Post and Gyudmed Tantric University had their websites breached by suspected Chinese state-backed threat operation TAG-112 in late May to spread the Cobalt Strike beacon and facilitate further malware compromise, The Associated Press reports. TAG-112 may be a subgroup of Chinese advanced persistent threat group Evasive Panda, also known as TAG-102 and StormBamboo, due to significant similarities in attack tactics, techniques, and procedures, an analysis from Recorded Future's Insikt Group revealed. "While we do not have visibility into the activity that TAG-112 conducted on compromised devices in this campaign, given their likely cyber espionage remit and the targeting of the Tibetan community, it is almost certain that they were engaged in information collection and/or surveillance rather than destructive attacks," said Insikt Group Senior Director Jon Condra. Meanwhile, such attacks' attribution to China were dismissed by the Chinese Foreign Ministry, which noted not having any knowledge of the website breaches.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds