An online campaign against the Tibetan organizations related to the Central Tibetan Administration in Dharamshala, India by using fake emails to spy on them. The online espionage campaign has targeted the mail lists of the Central Tibetan Administration during the festive period of the Tibetan New Year.
The attempted cyber attack against the CTA mailing list was disclosed in a new research published by the Cisco Talos Group. The emails purported to be from CTA, said they were commemorating the upcoming 60th anniversary of the Dalai Lama’s exile on March 31 with an attached Microsoft PowerPoint document titled “Tibet Was Never A Part of China.”
The targeted attack against pro-Tibetan supporters once downloaded would install the ExileRat remote access Trojan through malicious PowerPoint attachments. Once infected, the RAT will allow attackers to retrieve information, execute commands, and steal data from the infected computers according to the report in Bleeping Computer.
The researchers also explained that the nature of the attack was rather for espionage purpose than for financial gains. The attached document is a large slide show (made up of over 240 slides). Interestingly, the document is actually a copy of a legitimate PDF available for download from the CTA’s tibet.net homepage according to the researchers.
Tibetan Computer Resource Center (TCRC) in CTA, Dharamshala regularly warn its mailing list to be wary of emails from unknown or suspicious contacts, especially containing attachments. According to the recent interview to the head of TCRC on Tibet TV, he warns all Tibetan organizations and Tibet supporters to not open any suspicious email coming from unknown or suspicious contacts ahead of the upcoming 60th Tibetan National Uprising Day on March 10.
Featured Image: Head of TCRC informing about possible attempts ahead of March 10 during his interview on ‘In Conversation with Tibet TV.