The Central Tibetan Administration website has been hacked to serve up a Java exploit that drops advanced malware, marking the latest attempt to compromise people hoping for freedom from Chinese control in the province.
The site is one of the Dalai Lama’s official sites. Those who visited xizang-zhiye(dot)org were redirected, via an embedded iframe, to an exploit that leads to the download of the Swisyn Trojan, Kaspersky said.
“At this point in time, it seems that the few systems attacked with this code are located in China and the US, although there could be more,” said Kurt Baumgartner, Kaspersky Lab expert, said in a blog post.
“Backdoors detected with the Swisyn verdict are frequently a part of APT [advanced persistent threat] related toolchains, and this one most certainly is.”
The attacker has been targeting Tibetans since at least 2011, Baumgartner said, often using watering hole attacks, where sites the hacker believes his targets will visit are compromised to serve malware.
Apple machines have also been targeted, whilst spear phishing has also been in use.
Tibetans see plenty of attempts to breach their systems every day, with spear phishing a constant threat. China is often suspected of sponsoring the attacks, just as it was when Android malware appeared in April, posing as a legitimate communications app called Kakao Talk.
China is also suspected of attacks on other activists it considers a threat. Last month, TechWeekEurope revealed attempts on Falun Gong activists with zero-day malware.
China has consistently denied it sponsors any kind of hacking.
What do you know about Internet security? Find out with our quiz!
Amazon staff in seven cities across US go on strike after company fails to negotiate,…
Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…
Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…
North Korea-liked hackers have stolen a record $1.34bn in cryptocurrency so far this year, as…
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…