By Tenzin Sangmo
The Powerpoint document
DHARAMSHALA, Feb. 8: A recently launched phishing campaign targeting pro-Tibet individuals has been uncovered by researchers, reported ZDNet, a business technology news website published by CBS Interactive.
The malware uses the "Tibetan News" mailing list of the Central Tibetan Administration (CTA) to distribute the ExileRAT Trojan.
Researchers from Cisco Talos, one of the largest commercial threat intelligence teams in the world, said that the new spying campaign sends a malicious Microsoft PowerPoint document embedded with the Remote Access Trojan (RAT) that is capable of stealing system and personal information, terminating or launching processes, surveillance and the theft of files.
The email appears to be about the 60th anniversary of the Dalai Lama's exile and the PowerPoint document is a copy of the original CTA’s "Tibet-was-never-a-part-of-China" presentation which was published in November 2018 by the CTA.
Some recipients expressed misgivings about the email as CTA hardly ever sends an email with an attachment without notifying over the phone.
Talos found this campaign to be linked to the LuckyCat Android- and Windows-based Trojans in the past, believed to be the work of pro-Chinese threat actors in pursuit of information belonging to Tibetan activists.
Dharamshala, where the CTA, the Tibetan exile government, is based, is reputedly one of the most hacked zones in the world.
In 2008, Ghostnet, a large-scale cyber spying operation of China, managed to compromise the systems of the CTA and the Office of His Holiness the Dalai Lama (Gaden Phodrang).
In December 2016, in an interview with The Sunday Standard, the CTA President had said that Beijing is planting spyware and malware and disguising the IP address of the target computer system.
Talos researchers confirmed that given the nature of this malware and the targets involved, it is likely designed for espionage purposes rather than financial gain. "This is just part of a continuing trend of nation-state actors working to spy on civilian populations for political reasons," they said.