Fake Emails Used to Spy on Targeted Tibetan Organizations

An online campaign against the Tibetan organizations related to the Central Tibetan Administration in Dharamshala, India by using fake emails to spy on them. The online espionage campaign has targeted the mail lists of the Central Tibetan Administration during the festive period of the Tibetan New Year.

The attempted cyber attack against the CTA mailing list was disclosed in a new research published by the Cisco Talos Group. The emails purported to be from CTA, said they were commemorating the upcoming 60th anniversary of the Dalai Lama’s exile on March 31 with an attached Microsoft PowerPoint document titled “Tibet Was Never A Part of China.”

The targeted attack against pro-Tibetan supporters once downloaded would install the ExileRat remote access Trojan through malicious PowerPoint attachments. Once infected, the RAT will allow attackers to retrieve information, execute commands, and steal data from the infected computers according to the report in Bleeping Computer.

A screenshot of the fake email received by the CTA mailing list
A screenshot of the fake email received by the CTA mailing list

The researchers also explained that the nature of the attack was rather for espionage purpose than for financial gains. The attached document is a large slide show (made up of over 240 slides). Interestingly, the document is actually a copy of a legitimate PDF available for download from the CTA’s tibet.net homepage according to the researchers.

Tha malicious attachment sent in fake emails
Tha malicious attachment sent in fake emails

Tibetan Computer Resource Center (TCRC) in CTA, Dharamshala regularly warn its mailing list to be wary of emails from unknown or suspicious contacts, especially containing attachments. According to the recent interview to the head of TCRC on Tibet TV, he warns all Tibetan organizations and Tibet supporters to not open any suspicious email coming from unknown or suspicious contacts ahead of the upcoming 60th Tibetan National Uprising Day on March 10.

Featured Image: Head of TCRC informing about possible attempts ahead of March 10 during his interview on ‘In Conversation with Tibet TV.

Share this on

Editor TJ

Editor at Tibetan Journal, News/Reviews/Opinions

One thought on “Fake Emails Used to Spy on Targeted Tibetan Organizations

  • February 27, 2019 at 9:39 am

    Are we blaming this on China or what? So that means our Tibetan government can’t even build some kind of Anti virus against these usual cyber attack. What ever who cares?


Leave a Reply

Your email address will not be published. Required fields are marked *