Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks

Chinese APT Evasive Panda compromises a software developer’s supply chain to target Tibetans with malicious downloaders.
The post Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks appeared first on SecurityWeek.

Chinese Evasive Panda Targets Tibetans with Nightdoor Backdoor

By Waqas
Evasive Panda, also identified as BRONZE HIGHLAND and Daggerfly, is carrying out global targeting of Tibetans.
This is a post from HackRead.com.

China ‘Eugenics’ Claim as BGI Hoards Prenatal Test DNA Data

Chinese genetics company BGI accused of misusing DNA harvested from prenatal testing.
The post China ‘Eugenics’ Claim as BGI Hoards Prenatal Test DNA Data appeared first on Security Boulevard.

Hackers using malicious Firefox extension to phish Gmail credentials

By Waqas
The malicious Firefox extension is called FriarFox, which is also being used by Chinese hackers to spy on Tibetan activists.
This is a post from HackRead.com.

Chinese APT Debuts Sepulcher Malware in Spear-Phishing Attacks

The RAT has been distributed in various campaigns over the past six months, targeting both European officials and Tibetan dissidents.

A Chinese hacking group breached a telecom to monitor targets’ texts, phone metadata

Chinese government-linked hackers are monitoring mobile text messages of specific users, and for certain keywords as part of a new surveillance campaign meant to track individuals in a vast trove of telecommunication data, according to findings published Thursday. APT41, a group that carries out state-sponsored cyber-espionage on Beijing’s behalf, this summer compromised an unnamed telecommunications provider to monitor the messaging activity of high-ranking individuals of interest to the Chinese government, according to FireEye. Chinese hackers primarily have been scanning for military or intelligence keywords, tracking how subjects are reacting to protests, such as those in Hong Kong, and analyzing victims’ opinions of world leaders, Steve Stone, advanced practices director at FireEye, told CyberScoop. During the same intrusions into the unnamed phone company, APT41 also sought individuals’ records from call detail record (CDR) databases, which provide metadata such as the time the calls were made, the phone numbers involved, and the length of the […]

The post A Chinese hacking group breached a telecom to monitor targets’ texts, phone metadata appeared first on CyberScoop.

Cylance: More and more APT groups are relying on mobile malware to track dissidents

State-backed hackers from China and Iran have long been spying on their country’s political dissidents using mobile malware, but new research from BlackBerry’s Cylance shows these same nation-state hackers — including groups that have previously been unknown — are using the malware to also spy on targets abroad. “It’s … worth expanding our notion of the typical target of the Chinese government: malware meant for targets of interest … for domestic reasons may very well end up inside a Western business,” Cylance researchers write in a blog post. Chinese hackers, for instance, have been using mobile malware to spy on the Uighur and Tibetan population in recent months through iOS and Android malware. But while Volexity, the firm behind the Uighur population’s surveillance research, has previously said there were “possible ties” between the two campaigns, Cylance links both to one actor. Cylance claims Winnti, a Chinese APT group better known for its targeting […]

The post Cylance: More and more APT groups are relying on mobile malware to track dissidents appeared first on CyberScoop.

A cyber-espionage effort against Tibetan leaders leveraged known Android, iOS vulnerabilities

Hackers aimed to infect mobile phones belonging to senior members of Tibetan groups, including people who worked directly for the Dalai Lama, as well as lawmakers in Tibet’s parliament, according to new findings from a team of researchers at the University of Toronto. The digital rights group Citizen Lab on Tuesday detailed an apparent cyber-espionage effort which involved attackers posing as journalists, Amnesty International researchers, nongovernmental organization workers and other faked identities to send malicious links in a WhatsApp conversation. Researchers observed the campaign, dubbed Poison Carp, between November 2018 and May 2019. Hackers relied on eight Android browser vulnerabilities, Android spyware, a single iOS exploit chain (a combination of malicious actions allowing hackers to achieve a goal) and iOS spyware. None of the attacks utilized zero-day exploits, the name given to hacking tools that take advantage of never-disclosed vulnerabilities. None of the intrusion attempts detected here were successful, but at […]

The post A cyber-espionage effort against Tibetan leaders leveraged known Android, iOS vulnerabilities appeared first on CyberScoop.

How hackers used a PowerPoint file to spy on Tibet’s government-in-exile

A recently discovered PowerPoint file offers new clues on how hackers are trying to spy on Tibet’s government-in-exile. The malicious document was emailed to subscribers of a mailing list managed by the Central Tibetan Administration (CTA), the organization representing Tibet’s exiled government, according to Talos, Cisco’s threat intelligence unit. Tibet is officially part of China, but Tibetan leaders have lived in exile in India for decades. The email masqueraded as a file that would appeal to their politics. The PowerPoint file name – “Tibet-was-never-a-part-of-China.ppsx” – caters to the CTA mailing list, as does the message in the body of the email marking the upcoming 60th anniversary of the exile of Tibetan spiritual leader the Dalai Lama, researchers said. “Unfortunately, this [is] just part of a continuing trend of nation-state actors working to spy on civilian populations for political reasons,” Talos researchers said in a blog published Monday. They did not attribute the […]

The post How hackers used a PowerPoint file to spy on Tibet’s government-in-exile appeared first on CyberScoop.

Spy Campaign Spams Pro-Tibet Group With ExileRAT

Referencing the Dalai Lama, the spam campaign is targeting recipients of a mailing list run by the Central Tibetan Administration.