Tibetan Groups Targeted with 1-Click Mobile Exploits (Sep 24, 2019)
Senior members of the Tibetan community were targeted with cyber attacks between November 2018 and May 2019. The Private Office of His Holiness the Dalai Lama, the Central Tibetan Administration, the Tibetan Parliament, and Tibetan human rights groups were all targeted during this time. Toronto based, Citizen Labs report shows the level of effort taken during the campaigns to infect the targets. Sophisticated social engineering attempts through whatsapp conversations about recent events and activities related to the target groups. These conversations were used to dupe the victim into clicking on a link which would then use web browser exploits to install android and ios malware. The malware used to conduct the browser exploits was called POISON CARP and the Android and iOS exploit kits is dubbed “MOONSHINE” by Citizen Labs.
Recommendation: Defense-in-depth is the best way to ensure safety from APTs. Defence-in-Depth involves the layering of defence mechanisms. This can include network and end-point security, social engineering training (such as training exercises to help detect phishing emails) for staff and robust threat intelligence capabilities.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.