China appears to be taking its decades-old cold war with Tibet into cyberspace, research by IT security firm AlienVault has revealed.
Researchers discovered a range of spear phishing attacks against a number of Tibetan organisations, apparently from Chinese hackers.
“Our research suggests that the attacks we have been tracking over the last few months are linked to the Kalachakra Initiation, a Tibetan religious festival that took place in early January,” said Jaime Blasco, head of labs with AlienVault.
The spear phishing e-mails are not especially sophisticated and carry a Microsoft Word .DOC attachment that exploits a known Office stack overflow vulnerability dating back to last September, which Microsoft has since patched, he said.
The researchers said the malware code methodology is not particularly sophisticated, but uses techniques to hide from anti-virus software.
The bad news is that the VirusTotal service, which scans submitted files against up to 44 IT security products, showed that these hiding techniques meant the infection was detected by just two anti-virus suppliers at the time of the attacks, said Blasco.
Analysis of the malware’s internet traffic revealed that it was attempting to communicate with a command-and-control server somewhere in China.
The use of command-and-control servers allows cyber criminals to gain remote control of the machines infected by malware and allows the structure and purpose of the malware program code to be changed remotely, said Blasco.
“This allows the cyber criminals to adapt the infection remotely in response to changing circumstances, such as anti-virus software being updated to search specifically for the malware in question, so starting the entire cat-and-mouse detection process off once again,” he said.