Chinese Hackers Target Tibetan Websites in Sophisticated Cyber Attack
A Chinese state-sponsored hacking group, identified as TAG-112, has successfully compromised two prominent Tibetan community websites, according to recent cybersecurity reports. The targeted sites, Tibet Post and Gyudmed Tantric University fell victim to a sophisticated attack aimed at installing malware on users’ computers for information gathering and potential surveillance activities.
The malicious software, disguised as a security certificate, prompts unsuspecting users to download an executable file. Once installed, the malware deploys Cobalt Strike Beacon, a powerful tool capable of keylogging and file transferring, enabling extensive espionage operations.
Cybersecurity experts note that this attack aligns with historical patterns of targeting the Tibetan community for information collection. However, The Chinese Foreign Ministry has denied involvement in state-sponsored hacking activities and claims no awareness of the reported incidents.
TAG-112 is believed to be connected to a previously tracked group known as TAG-102, also referred to as Evasive Panda or StormBamboo. Active since 2012, TAG-102 has been associated with Chinese-sponsored advanced persistent threat (APT) activities. The two groups’ shared tactics, techniques, and targets suggest a strong interconnection.
Historically, TAG-102 has targeted entities opposing the Chinese government, including human rights and religious organizations. Both compromised websites are based in India and have been informed of the breach. While Gyudmed Tantric University has reportedly resolved the issue, Tibet Post remains compromised.
The Tibet Post, known for advocating democracy and Tibetan independence, directly challenges China’s territorial claims over Tibet. The region’s loyalty to the Dalai Lama and historical tensions with China contribute to the persistent targeting of Tibetan organizations in cyberspace.
This latest cyber-attack occurs against a backdrop of ongoing accusations against China for human rights abuses in Tibet, including alleged cultural assimilation efforts. As tensions continue, cybersecurity experts warn of potential further attacks on Tibetan and other opposition groups’ digital infrastructure.