| Category | Details |
|---|---|
| Threat Actors | TAG-112 (linked to China), subgroup of Evasive Panda |
| Campaign Overview | Espionage campaign targeting Tibetan media and university websites to gather intelligence for China |
| Target Regions (Victims) | Tibetan community in India, Taiwan, Hong Kong, Australia, U.S., and other regions linked to Tibetan exiles |
| Methodology | Exploited Joomla CMS vulnerabilities, uploaded malicious code, distributed Cobalt Strike Beacon payload disguised as a “security certificate” |
| Product Targeted | Tibet Post and Gyudmed Tantric University websites |
| Malware Reference | Cobalt Strike Beacon |
| Tools Used | Cobalt Strike |
| Vulnerabilities Exploited | Joomla CMS vulnerabilities |
| TTPs | Website compromise, spear-phishing, social engineering (disguised as security certificate), exploitation of unpatched CMS vulnerabilities |
| Attribution | Attributed to TAG-112, a subgroup of the Chinese state-sponsored Evasive Panda hacking group |
| Recommendations | Regular CMS updates, enhanced website security, increased awareness of phishing attacks disguised as security certificates |
| Source | The Record |
Disclaimer: The above summary has been generated by an AI language model.