A simple attack or part of a global strategy?
A group of hackers allegedly linked to the Chinese government carried out a cyberattack on Tibetan media resources and educational institutions. According to researchers from Recorded Future's Insikt Group, a hacking group codenamed TAG-112 hacked the websites of digital news outlet Tibet Post and Gyumey Tantric University in late May 2023. At the time of publication of the report, the sites were still under the control of hackers.
Experts have found several similarities between the activities of TAG-112 and another Chinese hacker group, Evasive Panda, which experts characterize as highly skilled and aggressive. Both groups have shown interest in the Tibetan community, with Evasive Panda previously hacking into the Tibet Post. In both cases, the attackers modified the compromised sites in such a way as to encourage visitors to download a malicious file under the guise of a "security certificate."
Despite the similar methods, Insikt Group analysts consider TAG-112 to be a separate hacking group. Unlike Evasive Panda, TAG-112 demonstrates less sophisticated technical skills and does not use custom malware. Instead of specially developed software, the group uses Cobalt Strike, a legitimate cybersecurity tool that specialists use to simulate cyberattacks. The Cobalt Strike Beacon payload is widely used by hackers to carry out real-world attacks.
According to the researchers, TAG-112 may be a subgroup of Evasive Panda working on similar intelligence-gathering tasks. The hacked sites were built on the Joomla content management system. Without timely updates and support, such sites become an easy target for cybercriminals. Presumably, the group used vulnerabilities in web resources to download malicious code.
The Tibetan community in exile, like other ethnic minorities in China, has long been in the crosshairs of various Chinese cyberespionage groups. Beijing views such groups as subversive or separatist elements that challenge the Chinese Communist Party.
Experts predict that TAG-112 and Evasive Panda will continue to attack organizations related to ethnic, religious and human rights issues that work in China or are related to the country. Earlier in March 2023, a cyberespionage campaign related to Evasive Panda was recorded, in which Tibetans were asked to download translation software containing malicious code. The attack affected Tibetans living in India, Taiwan, Hong Kong, Australia and the United States.
Source