By Citizen Lab.
In this report, the Citizen Lab has provide an in-depth view into a phishing operation that ran for 19 months, and which targeted the Tibetan community, and potentially other groups including ethnic minorities, social movements related to China, a media group, and government agencies in South and Southeast Asia. The targeting themes have general geographic and contextual commonalities, but it is unclear who the sponsor of the operation is and how information collected by it may be used.
The Tibetan community has been persistently targeted by digital espionage operations for over a decade. Historically, malware sent as email attachments was the most common threat Tibetan groups experienced. Recently, the Citizen Lab has observed an increase in phishing operations targeting the community suggesting a possible shift in adversary tactics. This latest operation is another example of this trend.