This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Spy malware buried on official Tibetan website

Share this article:

Chinese-speaking individuals visiting the website for the Central Tibetan Administration are being targeted with a Java exploit that installs advanced malware on their machines.

According to researchers at security firm Kaspersky Lab, the official site for the Tibetan government-in-exile, led by the Dalai Lama, was seeded with a backdoor that takes advantage of a vulnerability in Java, CVE-2012-4681, which was fixed by Oracle roughly a year ago.

The incident bears the signature of a watering hole attack, in which espionage malware is planted on a legitimate site, and then the attackers wait for their desired victims to visit and take the bait.

"The attack itself is precisely targeted," Kurt Baumgartner, principal security researcher at Kaspersky Lab, wrote in a blog post on Monday. "[A]n appended, embedded IFrame redirects visitors to a Java exploit that maintains a backdoor payload."

Researchers said the attackers have employed certain tricks in this campaign, including functionality that allows them to download the payload in an encrypted format.

Tibetan activists have been targeted in the past by sophisticated malware, including Trojans written for Mac OS X, some of which date back to 2008.

"This threat actor has been quietly operating these sorts of watering-hole attacks for at least a couple of years and also the standard spear phishing campaigns against a variety of targets that include Tibetan groups," Baumgartner said.

The English and Tibetan language versions of the site were not affected. It is unclear who is responsible for the attack, but China has been fingered as the culprit in the past.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

NCA wants security pros to become cybercrime fighters

NCA wants security pros to become cybercrime fighters

The UK's National Crime Agency is on the hunt for cyber security professionals to "join the fight against some of the world's most significant cyber criminals" on salaries ranging from ...

GCHQ head says agency was 'never involved in mass surveillance'

GCHQ head says agency was 'never involved in ...

Sir Iain Lobban says GCHQ staff "are normal decent human beings who watch EastEnders and Spooks".

Apple Mac OS criticised for sending search results to third parties

Apple Mac OS criticised for sending search results ...

Apple is under pressure to make changes to the Spotlight feature on the new Mac OS X Yosemite 10.10, which tracks location and sends data back to the firm and ...