Crouching Panda, Hidden Malware: Tibet’s Cyber Espionage Drama Unveiled
A China-linked group, TAG-112, hacked Tibetan websites to deliver the Cobalt Strike toolkit, posing as security certificates. This espionage effort targets Tibetan entities, showcasing a continued cyber-espionage focus on Tibetan entities. Despite less sophistication than its counterpart TAG-102, TAG-112’s efforts reveal a shared intelligence goal.
Hot Take:
When it comes to cyber-espionage, it seems even Tibetan monks aren’t safe from digital sleuths. TAG-112’s latest antics in the cyber playground prove that if you can’t find a needle in a haystack, you can always just set the haystack on fire and see what lights up. Spoofing TLS certificate errors? More like teaching old malicious dogs new tricks. For the record, it’s official: the world wide web should now come with a “May contain cyber-pandas” warning label.
Key Points:
– TAG-112, a China-linked cyber espionage group, attacked Tibetan websites using malicious JavaScript.
– The targeted websites were Tibet Post and Gyudmed Tantric University.
– The malicious JavaScript spoofed a TLS certificate error to deliver a Cobalt Strike payload.
– The attack exploited a Joomla security vulnerability.
– TAG-112 is considered less sophisticated than its potential parent group, TAG-102.