G20 targeted as malware authors hone in on Tibet activists

Coverage of the recent G20 Summit included many images of protestors arguing the cause of a free Tibet, but the event also saw cybercriminals weigh in on the Tibet issue, targeting G20 protestors with customised malware timed to coincide with the high-profile event.

ESET malware researchers uncovered one of the malware strains timed to coincide with the event: an off-the-shelf Gh0st RAT strain targeted at Tibet-related non-government organisations.

The strain was distributed via an email that publicised a rally organised by the Australian Tibetan Community Association (ATCA) and carried a malware-laden file attachment called A_Solution_for_Tibet.doc.

Once opened, the attachment exploited CVE-2012-0158, an old vulnerability that spear phishers still frequently exploit. The malware installs Gh0st RAT and then tries to connect to two domains, mailindia.imbss.in and godson355.vicp.cc.

The text was real, taken from the Australian Tibetan Council web site, and was allegedly sent to the European Central Tibetan Administration, ESET's analysts said.

“NGO members with a political, religious or environmental agenda have been targeted in the past and will most likely continue to undergo continuous attacks in the future,” the ESET analysis warns.

“In the light of constant attacks against them, they should definitely be as cautious as one can be when these types of emails are received, especially when popular themes or news events are used as a lure.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.


Stories by David Braue
