Chinese hackers target Tibetan websites in malware attack, cybersecurity group says

BANGKOK — A hacking group that is believed to be Chinese state- The hack of the Tibet Post and Gyudmed Tantric University websites appears geared toward obtaining access to the computers of people visiting to obtain information on them and their activities, according to the analysis by the Insikt Group, the threat research division of the Massachusetts-based cybersecurity consultancy Recorded Future. “While we do not have visibility into the activity that TAG-112 conducted on compromised devices in this campaign, given their likely cyber espionage remit and the targeting of the Tibetan community, it is almost certain that they were engaged in information collection and/or surveillance rather than destructive attacks,” Insikt Group senior director Jon Condra told The Associated Press. According to the Insikt group research, the sites were first compromised in late May and the attacks bear many overlaps with a previously tracked hacker group known as TAG-102, leading analysts to conclude it is a subgroup of the already known group “working toward the same or similar intelligence requirements,” Insikt Group said. “The group has engaged in a wide variety of campaigns over the years, with an emphasis on targeting individuals and organizations in opposition to the Chinese government, such as human rights organizations, religious organizations, ethnic minority groups, academic institutions, and supporters of democracy or independence movements in Taiwan, Hong Kong, and even in mainland China,” Insikt Group said.