Citizen Lab's recent analytical report on a malware campaign that targeted the Tibetan community in exile suggested that the Tibetan diaspora is a common target of internet spies, or digital espionage. The campaign, detected within the Tibetan community in exile, was active during January, February and March this year.
“In January 2018, a Tibetan activist received a mundane-looking email purporting to be program updates from a human rights NGO. Attached to the message were a PowerPoint presentation and a document. The activist, like many in the Tibetan diaspora, had grown wary of unsolicited emails with attachments, and instead of opening the documents, shared the files with Citizen Lab researchers,” explains Citizen Lab's detailed report on the malware campaign targeting the Tibetan diaspora.
The lab's examination found that the attachments were malicious: had the recipient clicked on them, the files would have run a loaded program to infect Windows computers with custom malware. The campaign relied on tricks to get targets to open exploit-laden PowerPoint (CVE-2017-0199) and Microsoft Rich Text Format (RTF) documents (CVE-2017-11882) attached to e-mail messages.
According to the researchers, the recent campaign is a resurfacing of a 2016 campaign that targeted Tibetan parliamentarians. These connections suggest that the same group may be involved, or that tools and infrastructure are being shared between multiple groups.
While the report clearly suggests that at least one organization was compromised by the malware campaign, it advised Tibetans to do away with the mindset ‘I have nothing to hide’, because a compromise allows the spies to obtain information that can be used to target other Tibetans. “Tibetans in Exile are also constantly in touch with Tibetans inside Tibet, where the harms can be severe – including arrest, detention, and imprisonment.”
“Digital espionage has become a commonplace threat for the Tibetan diaspora. Digital security awareness and best practices for defense are now necessities for the community. Based on this experience, for Tibetans the harm of espionage operations is clear,” the report added at the end, noting that in response to the persistent threat of digital espionage, Tibetan groups have launched grassroots efforts to increase digital security education, but that changing behaviour and building capacity requires time and patience.