THE CENTRAL Tibetan Administration website has been infiltrated by hackers who have injected malware into it.
According to a post on security firm Kaspersky's website, attackers inserted a Java exploit that installed an APT-related backdoor, APT here meaning an advanced persistent threat.
The backdoor can be used for spying on the target machine, although it is possible to use it for other purposes.
Kaspersky said that the attack affects the Chinese-language version of the webpages. "The attack itself is precisely targeted, as an appended, embedded iframe redirects 'xizang-zhiye(dot)org' visitors (this is the CN-translated version of the site) to a Java exploit that maintains a backdoor payload. The English and Tibetan versions of the website do not maintain this embedded iframe on the Chinese version," said a post on Kaspersky's website by Kurt Baumgartner. "The Java exploit appears to attack the older CVE-2012-4681 vulnerability."
This is described as a "surprise" because the exploit was used in another attack in the summer of last year, and before then.
"This threat actor has been quietly operating these sorts of watering hole attacks for at least a couple of years and also the standard spearphishing campaigns against a variety of targets that include Tibetan groups," Baumgartner added. "Our KSN community recorded related events going back to at least a busy late 2011 season."
Baumgartner recommended that users avoid the Chinese language version of the website, adding that it is likely to be a frequent and repeated target for attackers. µ
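The discrepancy described above, an iframe present on the Chinese pages but absent from the English and Tibetan ones, is something a site operator can check for by comparing language variants of the same page. The Python sketch below is an added example, not code from Kaspersky or The INQUIRER; the host names and sample markup are constructed, and treating markup after `</html>` as "appended" is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeCollector(HTMLParser):
    """Record each <iframe> src and whether it came after </html>."""
    def __init__(self):
        super().__init__()
        self.frames = []          # list of (src, appended_after_html_close)
        self.html_closed = False

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append((dict(attrs).get("src") or "", self.html_closed))

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

def iframes(html):
    parser = IframeCollector()
    parser.feed(html)
    parser.close()
    return parser.frames

def suspicious_iframes(variants, site_hosts):
    """Flag iframes that exist in only one language variant and load from a
    host outside site_hosts, plus any iframe placed after </html>."""
    per_variant = {name: iframes(html) for name, html in variants.items()}
    findings = []
    for name, frames in per_variant.items():
        elsewhere = {src for other, fs in per_variant.items()
                     if other != name for src, _ in fs}
        for src, appended in frames:
            host = urlparse(src).hostname or ""
            offsite = bool(host) and host not in site_hosts
            if appended or (offsite and src not in elsewhere):
                findings.append((name, src, appended))
    return findings

# Constructed sample pages; every host name here is a placeholder.
EMBED = '<iframe src="https://video.example.com/e/1"></iframe>'
PAGE = "<html><body>" + EMBED + "</body></html>"
SAMPLE = {
    "en": PAGE,
    "bo": PAGE,
    "zh": PAGE + '<iframe src="http://cdn.example.net/a.html"></iframe>',
}

if __name__ == "__main__":
    for finding in suspicious_iframes(SAMPLE, {"www.example.org"}):
        print(finding)
```

The video embed shared by all three variants is not flagged even though it is off-site; only the iframe unique to the `zh` page is reported.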