Cisco Talos, a group of world-class researchers, analysts, and engineers, recently uncovered a new cyberespionage campaign delivering a malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA). The document is a copy of a legitimate PDF file titled “Tibet was never a part of China,” which is available for download from the CTA’s website tibet.net. The malicious version, however, contains a Remote Access Trojan (RAT). The email is targeted at pro-Tibet groups and individuals in order to distribute what has been dubbed ExileRAT. The attack delivers an Android- and Windows-based Trojan capable of stealing system and personal information, terminating or launching process, or carrying out surveillance and the theft of data.
As the volume and sophistication of cyberattacks grow worldwide, it is essential for the CTA and Tibetan nongovernmental organizations (NGOs) to take necessary precautions to protect their sensitive data and personal information of employees.