Spy malware buried on official Tibetan website

Share this article:
Researchers have identified a new "watering hole" APT attack.
Researchers have identified a new "watering hole" APT attack.

Chinese-speaking individuals visiting the website for the Central Tibetan Administration are being targeted with a Java exploit that installs advanced malware on their machines.

According to researchers at security firm Kaspersky Lab, the official site for the Tibetan government-in-exile, led by the Dalai Lama, was seeded with a backdoor that takes advantage of a vulnerability in Java, CVE-2012-4681, which was fixed by Oracle roughly a year ago.

The incident bears the signature of a watering hole attack, in which espionage malware is planted on a legitimate site, and then the attackers wait for their desired victims to visit and take the bait.

"The attack itself is precisely targeted," Kurt Baumgartner, principal security researcher at Kaspersky Lab, wrote in a blog post on Monday. "[A]n appended, embedded IFRAME redirects visitors to a Java exploit that maintains a backdoor payload."

Researchers said the attackers have employed certain tricks in this campaign, including functionality that allows them to download the payload in an encrypted format.

Tibetan activists have been targeted in the past by sophisticated malware, including trojans written for Mac OS X, some of which date back to 2008.

"This threat actor has been quietly operating these sorts of watering-hole attacks for at least a couple of years and also the standard spear phishing campaigns against a variety of targets that include Tibetan groups," Baumgartner said.

The English and Tibetan language versions of the site were not affected. It's unclear who is responsible for the attack, but China has been fingered as the culprit in the past.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: Stolen card data is crime that concerns Americans most

A recent Gallup Crime poll indicates that Americans' top two worries revolve around having credit card data stolen or their computer or smartphones compromised.

Phishing campaign passes off Pony Stealer trojan as 'overdue invoice'

The malware has previously been used to steal $220,000 worth of bitcoins from victims.

Popular Science served up Rig Exploit Kit on its website

The monthly science magazine served up malicious code to readers earlier this week and has remedied the issue.