Chinese hackers hacked Tibetan websites to spread malware

13 November 2024 2 minutes Author: Newsman

Hackers from the Chinese group TAG-112 compromised the websites of the Tibet Post news portal and the Gyudmed Tantric University. Cobalt Strike, a tool normally used by cyber security specialists to test defenses, has also become popular among attackers. After compromising the sites, the attackers prompted visitors to download a “security certificate” that actually contained malicious code.

Another hacker group, Evasive Panda, which has ties to the Chinese government and targets the Tibetan community, used a similar modus operandi. Although the activities of TAG-112 and Evasive Panda are similar, experts believe that they are two different groups. TAG-112 is less technically sophisticated, but actively works with Cobalt Strike, while Evasive Panda uses more specific malware.

The hacked websites are built on the Joomla platform, which becomes a prime target for cybercriminals if it is not properly updated and secured. Vulnerabilities in the system allowed attackers to inject malicious code and use the sites to attack visitors.

This is not the first time that Chinese hackers have targeted the Tibetan community, which Chinese authorities consider a threat to internal stability. The Chinese government considers exiled Tibetan human rights and cultural groups dangerous to its own policy and is trying to gather as much information as possible about their activities.

Hacker groups such as TAG-112 and Evasive Panda are likely to continue their attacks on organizations associated with the Tibetan community, ethnic and religious groups, and human rights organizations that oppose Chinese government policies.
