Spy Campaign Spams Pro-Tibet Group With ExileRAT

[silversurfer]

A cyber-espionage campaign has been spotted targeting recipients of a mailing list run by the Central Tibetan Administration (CTA).

India’s CTA is an organization officially representing the Tibetan government-in-exile. The territory of Tibet is administered by the People’s Republic of China – but the CTA considers that an illegitimate military occupation. The CTA instead believes that Tibet is a distinct independent nation.

Researchers with Cisco Talos recently discovered emails spamming subscribers on the CTA’s mailing list. The emails, which purport to be from the CTA, said they were commemorating the upcoming 60th anniversary of the Dalai Lama’s exile on March 31 with an attached Microsoft PowerPoint document titled “Tibet Was Never A Part of China.”

However, the attachment is actually a malicious PPSX file used as a dropper to allow an attacker to execute various JavaScript scripts and eventually download a payload onto the victims’ systems. That payload, a remote access trojan (RAT) called ExileRAT, scoops up their computer’s information.

SOURCE: https://threatpost.com/spy-spam-tibet-exilerat/141460/