Dharamshala, pictured, is ground zero in China’s cyberwar. Photo by Tomasz Wagner.
Based at the Munk School of Global Affairs at the University of Toronto, Citizen Lab recently released a major study on targeted malware attacks against Tibetan groups and pro-democracy activists in Hong Kong. The study revealed a change in tactics from previous campaigns and suggested that the attacks are evolving in response to cyber-security drives in the Tibetan community such as the aforementioned call to “detach from attachments.”
That slogan was one of several coined by digital security group Tibet Action Institute. Last November, The Associated Press reported that Tibetan monks were being buffeted by persistent cyberattacks. At that time Tibet Action Network urged the monks and other Internet users to avoid sending or opening email attachments and to use cloud-based storage like Google Drive as an alternative.
Now, it’s said, Dharamsala, home of His Holiness the Dalai Lama and the Central Tibetan Administration, is the “ground zero in China’s cyberwar.”
Citizen Lab’s report shows that e-mail attachments, once the most common weapon of attack on the Tibetan community, are now being replaced by malicious Microsoft PowerPoint Slideshow files and Google doc files. “These attacks are highly targeted, appear to re-purpose legitimate content in decoy documents, and had very low antivirus detection rates at the time they were deployed,” said the report.
The report also concluded that the similarities between the attacks on Tibet groups and those on Hong Kong pro-democracy activists “suggests that either they are being conducted by the same threat actor or threat actors targeting these groups are sharing tactics, techniques, and procedures.”