Tibetan organizations Tibet Post and Gyudmed Tantric University had their websites breached by suspected Chinese state-backed threat operation TAG-112 in late May to spread the Cobalt Strike beacon and facilitate further malware compromise, The Associated Press reports.
TAG-112 may be a subgroup of Chinese advanced persistent threat group Evasive Panda, also known as TAG-102 and StormBamboo, due to significant similarities in attack tactics, techniques, and procedures, an analysis from Recorded Future's Insikt Group revealed.
"While we do not have visibility into the activity that TAG-112 conducted on compromised devices in this campaign, given their likely cyber espionage remit and the targeting of the Tibetan community, it is almost certain that they were engaged in information collection and/or surveillance rather than destructive attacks," said Insikt Group Senior Director Jon Condra.
Meanwhile, the attribution of such attacks to China was dismissed by the Chinese Foreign Ministry, which noted not having any knowledge of the website breaches.
Chinese malware attack hits Tibetan websites