If you are a journalist, a human rights worker, or simply a Tibetan residing in territories that were formerly colonies of China, you may have been subjected to some form of advanced persistent threat aimed at your computers.
The attack exploits a vulnerability in Microsoft Rich Text Format (RTF) documents. The campaign itself is not new: it began infecting computers as early as 2009. Tibetan citizens and journalists based in Hong Kong and Taiwan were its primary targets, and the threat bundles several known flaws into a single attachment, according to the security researchers at Arbor Networks who first detected it.
A compromise by this campaign has many consequences. The attackers exploit the vulnerabilities in order to drop malware payloads onto the victim's computer, and the payloads include some of the most widely used tools of their kind: Gh0StRAT, Agent.XST, Grabber, Kivars, and PlugX.
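Since the article describes an attachment-borne RTF exploit that drops a payload, a defender's first step is usually to triage incoming RTF files before a user opens them. The following script is an added example, not code from the article or from Arbor Networks. It applies two assumed heuristics: a malformed `{\rt` header that Word still accepts, and RTF control words that embed or auto-update OLE objects (`\objdata`, `\objemb`, `\objupdate`, `\objautlink`, `\ddeauto`). The control-word list, the sample documents and the scoring are all constructed for this example and should be tuned against real benign traffic.

```python
import re
from typing import Dict

# Control words that ordinary documents rarely need but that malicious RTFs
# commonly use to embed or auto-load OLE objects. Assumed list for this
# example; extend it from your own sample set.
SUSPICIOUS_CONTROL_WORDS = [
    "\\objdata",
    "\\objemb",
    "\\objupdate",
    "\\objautlink",
    "\\ddeauto",
]


def is_rtf(data: bytes) -> bool:
    """True if the file claims to be RTF ({\\rtf) or uses the truncated
    {\\rt header that Word also accepts."""
    head = data.lstrip()[:5].lower()
    return head.startswith(b"{\\rtf") or head.startswith(b"{\\rt")


def has_malformed_header(data: bytes) -> bool:
    """Files that parse as RTF but do not start with the full {\\rtf tag."""
    head = data.lstrip()[:5].lower()
    return is_rtf(data) and not head.startswith(b"{\\rtf")


def triage_rtf(data: bytes) -> Dict:
    """Scan an RTF file for indicators of embedded-object abuse.

    Returns a dict with the indicators found; 'suspicious' is True when any
    control word from SUSPICIOUS_CONTROL_WORDS appears or the header is
    malformed. Pure heuristic: it flags for human review, it does not prove
    exploitation.
    """
    # latin-1 never fails to decode, which keeps raw bytes inspectable.
    text = data.decode("latin-1", errors="replace")

    control_words = {}
    for cw in SUSPICIOUS_CONTROL_WORDS:
        # Negative lookahead stops \\objdata from matching \\objdatafoo.
        count = len(re.findall(re.escape(cw) + r"(?![a-zA-Z])", text))
        if count:
            control_words[cw] = count

    # Size of the largest hex blob following \objdata; a large blob usually
    # carries a complete OLE object.
    max_hex_chars = 0
    for match in re.finditer(r"\\objdata\s*([0-9a-fA-F\s]+)", text):
        hex_len = len(re.sub(r"\s", "", match.group(1)))
        max_hex_chars = max(max_hex_chars, hex_len)

    malformed = has_malformed_header(data)
    return {
        "is_rtf": is_rtf(data),
        "malformed_header": malformed,
        "control_words": control_words,
        "max_objdata_hex_chars": max_hex_chars,
        "suspicious": bool(control_words) or malformed,
    }


# Constructed samples: a plain document and a synthetic one that only
# carries an embedded-object skeleton with a short placeholder hex blob.
BENIGN_RTF = b"{\\rtf1\\ansi\\deff0 Hello world\\par}"
SUSPICIOUS_RTF = (
    b"{\\rt1\\ansi{\\object\\objemb{\\*\\objdata "
    b"01050000020000000b0000005061636b}}\\par}"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_RTF), ("suspicious", SUSPICIOUS_RTF)):
        print(name, triage_rtf(sample))
```

In a mail gateway this check would run on every `.rtf` or `.doc` attachment that begins with `{\rt`, and anything flagged would be quarantined for analyst review rather than blocked outright, since legitimate documents with embedded spreadsheets will also trigger the `\objemb` indicator.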
The design and launch of the campaign were carried out carefully and methodically, according to the researchers. For instance, its operators have folded some of the most capable malware tools of the past into the modern campaign in order to hit their intended victims.
As a result of this combination and the updates made to the APT, fresh malware, techniques and spear-phishing attacks have surfaced that the attackers behind this campaign use today. As recently as January this year, Tibetan human rights workers and activists were hit by a phishing email campaign dressed up as a message from a human rights group, alleging that the US Congress had granted $6 million in funding for Tibetans in Nepal and India.
Once the phishing email is opened, the victim's computer is infected with the Grabber malware, which then downloads further malware such as remote access Trojans that give the attackers privileged access to the computer and let them introduce more malicious code.
These exploits are nothing new in themselves. What they do is seize on current political and social developments, such as the ongoing conflict between Tibet and China, to lure users into trusting them. Journalists and human rights activists appear to be the primary targets because of the impact their work has on efforts to clamp down on the freedom of citizens in communist societies.