Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Chinese Trojans used to attack pro-Tibet organisations

Nitro attack group shows political motivation

Article comments

A malware campaign targeting activists at pro-Tibet organisations could be the work of the same Chinese group behind a major attack on the chemical industry last year, researchers from AlienVault have suggested.

The new attack uses a malicious Word attachment sent by email to organisations including the Central Tibet Administration and International Campaign for Tibet using English-language subject lines promoting a Tibetan religious festival.

This attachment attempts to exploit a relatively old Microsoft vulnerability (CVE-2010-3333), to launch GhostNet’s Gh0st RAT Trojan, normally designed to steal data or even record sound files via a PC’s microphone. It is also capable of performing realtime surveillance on an infected machine.

AlienVault notes a number of similarities to the Nitro campaign between July and September 2011, a large-scale attack on the chemical and defence industry against up to 48 different companies.

The malware used in the Nitro attacks was Poison Ivy, a Chinese-developed Trojan related to Gh0st RAT, using a VeriSign digital certificate issued to a Chinese company before being revoked on 12 December; embedded within the code calling the Trojan is the string ‘ByShe’, identical to that used by Nitro.

The modus operandi of attacking political organisations is also consistent with Nitro, believed to have started life with a concerted campaign against human rights groups in early 2011.

“It is no surprise that Tibetan organisations are being targeted – they have been for years – and we continue to see Chinese actors breaking into numerous organisations with impunity,” said Alien Vault’s Jaime Blasco.

“Unfortunately, in this particular case, these attacks may have a direct impact on the abuse of human rights in these regions.”

A detailed analysis of the Nitro attacks was published by Symantec. If Alien Vault’s detective work is correct, it looks as if the same group has developed a parallel business making political attacks.

Alien Vault promises to reveal more details about the latest attacks in the coming weeks.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *