by Maarten Van Horenbeeck

Part of the targeted attack research I've been doing has involved working together with many Tibetan non-profits as well as human rights organizations that operate within China. Together with the latest unrests in Lhasa, the amount of attacks we have been seeing has sharply increased.

Today, various media outlets are reporting on these findings:

Brian Krebs at the Washington Post: Cyber attacks target pro-Tibet groups
The BBC - Tibet: the cyber wars
SANS ISC - Overview of Cyber attacks against Tibetan communities
UPI - Analysis: Cyber attacks on Tibet groups

While most concentrate on the Tibetan groups, the findings for them are virtually identical to the work we've done on other targeted attacks. In some cases, as referenced in the UPI article, there is significant overlap in methodology, and even control servers, between the various groups.

While the source of the attacks cannot be identified using the technical data available, it is clear that these groups are under a coordinated attempt to spy on their digital communications, or a clever attempt at discouraging them from trusting these communications. Given many such groups work in a network-centric manner, both can be equally serious problems.

Cheers,
Maarten