This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Spy malware buried on official Tibetan website

Share this article:

Chinese-speaking individuals visiting the website for the Central Tibetan Administration are being targeted with a Java exploit that installs advanced malware on their machines.

According to researchers at security firm Kaspersky Lab, the official site for the Tibetan government-in-exile, led by the Dalai Lama, was seeded with a backdoor that takes advantage of a vulnerability in Java, CVE-2012-4681, which was fixed by Oracle roughly a year ago.

The incident bears the signature of a watering hole attack, in which espionage malware is planted on a legitimate site, and then the attackers wait for their desired victims to visit and take the bait.

"The attack itself is precisely targeted," Kurt Baumgartner, principal security researcher at Kaspersky Lab, wrote in a blog post on Monday. "[A]n appended, embedded IFrame redirects visitors to a Java exploit that maintains a backdoor payload."

Researchers said the attackers have employed certain tricks in this campaign, including functionality that allows them to download the payload in an encrypted format.

Tibetan activists have been targeted in the past by sophisticated malware, including Trojans written for Mac OS X, some of which date back to 2008.

"This threat actor has been quietly operating these sorts of watering-hole attacks for at least a couple of years and also the standard spear phishing campaigns against a variety of targets that include Tibetan groups," Baumgartner said.

The English and Tibetan language versions of the site were not affected. It is unclear who is responsible for the attack, but China has been fingered as the culprit in the past.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

1 in 5 corporate networks host child sex abuse content

1 in 5 corporate networks host child sex ...

One in five companies have someone who has downloaded child sex abuse images at work. But in just 3.5 per cent of cases this has led to a criminal investigation ...

UK's Racing Post leaks 677,000 customer names and passwords

UK's Racing Post leaks 677,000 customer names and ...

SQL injection to blame for Racing Post incursion

NSA has 850 billion pieces of searchable metadata

NSA has 850 billion pieces of searchable metadata

The National Security Agency (NSA) is reported to have developed its own search engine to sift through the billions of phone calls, emails and other electronic communications it harvests and ...