China intensifies cyber-espionage to monitor Tibetans’ activities

The intensity of Chinese elements carrying out cyberespionage attacks on Tibetans has continued to increase, and the latest exposé showed how Trojan installers were used to target Tibetans living outside China. ESET, a Canada-based global security firm, said Chinese government hacking groups used malicious downloaders to compromise a Buddhist trust website to gather sensitive information.

This cyber espionage campaign attacked Tibetans living in the US, Hong Kong, Australia and India. ESET said the spy attack was carried out by Chinese government-sponsored hacking groups, which deployed trojanized installers on the website of the Kagyu International Monlam Trust. This organisation promotes Tibetan Buddhism internationally.

“The campaign by the China-aligned Evasive Panda APT group leveraged the Monlam Festival — a religious gathering — to target Tibetans in several countries and territories,” the firm said in its report.[1] The “watering hole” attack, in which the Chinese groups compromised the website, occurred in January 2024. There has been a surge in sophisticated cyberespionage attacks that are part of the Beijing government’s strategy to control the lives of Tibetans and monitor their activities.

A few years ago, a mailing list run by the Central Tibetan Administration (CTA) was hijacked to plant malicious software that was programmed to steal system and personal information, terminate or launch processes, conduct surveillance and steal files.[2] Tenzin Dalha, a research fellow at the Tibet Policy Institute, called it “one facet of more comprehensive and sophisticated cyberattacks perpetrated by Chinese state-sponsored hackers.”

In 2018, researchers at the University of Toronto conducted a 19-month-long investigation to expose a phishing operation being carried out at the behest of Beijing. The hackers impersonated major email service providers as well as some news websites. “Uyghurs, Falun Gong supporters, and Tibetan groups are well-documented targets of digital espionage operations that are often suspected to be carried out by operators directly sponsored or tacitly supported by Chinese government agents,” read the report.

In 2022, Chinese hackers impersonated Tibetan media or a pro-independence political party and sent emails to collect information. The hacking group, named TA413, carried out cyber espionage following instructions from the Communist Party government of China, said cybersecurity firm Recorded Future. “Targeting this community has been a constant and is almost certainly indicative of the group’s primary intelligence assignments,” it said.[3]

China’s involvement in digital spying on Tibetans came to the fore around two decades ago. An NGO named the International Campaign for Tibet found in 2003 that a Beijing-based company had developed a software programme that tried to spy by sending innocuous-looking messages.[4] Cyber security firm AlienVault in 2012 succeeded in identifying the hacker group that targeted Tibetans and their supporters. Moreover, it tracked down the link between the domain contact and the Chengdu-based security firm.[5]

In 2009, a hacking campaign infected 1,295 hosts in 103 countries, which included ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The serious breach led to unprecedented access to crucial and sensitive information, including documents from the private office of the Dalai Lama.[6]

Things are worse for those living in Tibet. Recently, the Chinese government has forced Tibetans to install a mobile app that could read users’ texts and internet browser histories and access personal data.[7] It is mandatory for those working in government offices, and other Tibetan people will not be able to admit their children to schools or apply for an identification card if they refuse to install that app. “The local source in Tibet has told us how the authorities keep an eye on everything they do on their phones. The situation in these regions has become highly sensitive,” said Pema Gyal, a researcher at London-based advocacy group Tibet Watch.[8]

Neither Tibetans living inside China nor those living in other countries are immune from Chinese cyberespionage. This makes government entities in other countries vulnerable too, said ESET. “It’s something that happens constantly. It’s been almost two decades. Whether it’s about protests or advocacy, or the Free Tibet movement, they are after information,” said Lobsang Sither, director of technology at the India-based Tibet Action Institute.    

[1] https://www.eset.com/int/about/newsroom/press-releases/research/china-aligned-evasive-panda-leverages-religious-festival-to-target-and-spy-on-tibetans-eset-research-discovers-1/

[2] https://thediplomat.com/2019/02/the-cyber-war-against-tibet/

[3] https://archive.is/20220924011006/https://www.bloomberg.com/news/articles/2022-09-22/suspected-chinese-hackers-target-tibet-media-politicians#selection-3971.207-3971.338

[4] https://savetibet.org/chinese-internet-group-found-spying-on-tibetan-government-computers/

[5] https://www.csoonline.com/article/536908/data-protection-tibet-trojan-attacks-connected-to-chinese-programmer.html

[6] https://citizenlab.ca/2009/03/tracking-ghostnet-investigating-a-cyber-espionage-network/

[7] https://www.bbc.com/news/world-asia-china-68213529

[8] https://theprint.in/world/tibetans-with-contacts-in-exile-asked-to-install-spyware-on-cellphone/828797/
