Tibetans Targeted As Dalai Lama Site Hacked To Serve Malware

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Tibetans targeted yet again in watering hole attack

The Central Tibetan Administration website has been hacked to serve up a Java exploit that drops advanced malware, marking the latest attempt to compromise people hoping for freedom from Chinese control in the province.

The site is one of the Dalai Lama’s official sites. Those who visited xizang-zhiye(dot)org were redirected, via an embedded iframe, to an exploit that leads to the download of the Swisyn Trojan, Kaspersky said.

Malware - Fotolia: skull button © alekup #34457353Tibetans attacked

“At this point in time, it seems that the few systems attacked with this code are located in China and the US, although there could be more,” said Kurt Baumgartner, Kaspersky Lab expert, said in a blog post.

“Backdoors detected with the Swisyn verdict are frequently a part of APT [advanced persistent threat] related toolchains, and this one most certainly is.”

The attacker has been targeting Tibetans since at least 2011, Baumgartner said, often using watering hole attacks, where sites the hacker believes his targets will visit are compromised to serve malware.

Apple machines have also been targeted, whilst spear phishing has also been in use.

Tibetans see plenty of attempts to breach their systems every day, with spear phishing a constant threat. China is often suspected of sponsoring the attacks, just as it was when Android malware appeared in April, posing as a legitimate communications app called Kakao Talk.

China is also suspected of attacks on other activists it considers a threat. Last month, TechWeekEurope revealed attempts on Falun Gong activists with zero-day malware.

China has consistently denied it sponsors any kind of hacking.

What do you know about Internet security? Find out with our quiz!