Chinese Hackers Target Tibetan Websites with Malware

A Chinese state-sponsored hacking group, identified as TAG-112, has compromised two websites associated with the Tibetan community—Tibet Post and Gyudmed Tantric University—in a cyberattack aimed at installing malware on users' computers. The attack, which occurred in late May, involves misleading visitors into downloading a malicious file disguised as a security certificate, which then installs Cobalt Strike Beacon malware capable of keylogging and other malicious activities. This incident reflects a broader trend of cyber espionage targeting the Tibetan community, a historical focus of Chinese state-sponsored hackers. While Chinese authorities deny involvement in such hacking incidents, the cybersecurity firm Insikt Group emphasizes that the attack aligns with ongoing information collection efforts against Tibetans. The compromised websites remain vulnerable, and the attack highlights the persistent risks faced by ethnic minorities in China. TAG-112 has been linked to a more sophisticated group, Evasive Panda, suggesting a coordinated effort to gather intelligence for Beijing.