Tibetan Organizations Targeted in a Chinese Sponsored Phishing Campaign

Cybersecurity experts from Proofpoint have uncovered a Chinese-sponsored phishing campaign and published a report on Thursday. According to the findings, Chinese state hackers targeted several Tibetan organizations in a low-volume phishing campaign that delivered malware to the organizations' systems. The campaign was designed to hijack Gmail accounts via a malicious Firefox browser extension.

According to Proofpoint, the Chinese-sponsored phishing campaign started in January and continued throughout February. It was managed by the TA413 APT group, a threat group aligned with the Chinese Communist Party's state interests.

Hackers' Modus Operandi

TA413 attackers targeted the organizations by sending a fraudulent email. Once the victim opened the email, it redirected the victim to the attacker-controlled you-tube[.] domain, which displayed a fake Adobe Flash Player Update landing page.

The threat actors specifically targeted Firefox users, and users with an active Gmail session were prompted to download the malicious add-on. If the potential target used any other web browser, they were redirected to the legitimate YouTube login page.

According to Proofpoint, threat actors could exploit the following functions on infected browsers:


• Search emails 

• Archive emails 

• Receive Gmail notifications 

• Read emails 

• Alter Firefox browser audio and visual alert features 

• Label emails

• Mark emails as spam

• Delete messages 

• Refresh inbox 

• Forward emails 

• Perform function searches 

• Delete messages from Gmail trash 

• Send mail from the compromised account

 Firefox (based on browser permissions): 

• Access user data for all websites 

• Display notifications 

• Read and modify privacy se ..
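
The Firefox permissions listed above are what a defender can look for when reviewing installed add-ons. The following is an added example, not code from Proofpoint or from the original article: it audits the text of a Firefox profile's `extensions.json` for user-installed add-ons whose granted permissions reach Gmail. The file layout (`addons`, `location`, `userPermissions`), the `app-profile` marker, and the mapping of the listed capabilities to the WebExtension permissions `<all_urls>`, `notifications` and `privacy` are assumptions, and the sample add-ons are constructed.

```python
import json

# WebExtension permission names assumed for the Firefox capabilities listed above.
RISKY_API = {"notifications", "privacy"}
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
GMAIL_HOST = "mail.google.com"

def covers_gmail(pattern):
    """True if a host match pattern grants access to Gmail."""
    if pattern in ALL_SITES:
        return True
    if "://" not in pattern:
        return False                      # API permission, not a host pattern
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host.startswith("*."):
        return GMAIL_HOST == host[2:] or GMAIL_HOST.endswith(host[1:])
    return host in ("*", GMAIL_HOST)

def audit(extensions_json_text):
    """Return user-installed add-ons that can reach Gmail, broadest grants first."""
    findings = []
    for addon in json.loads(extensions_json_text).get("addons", []):
        if addon.get("location") != "app-profile":  # assumed marker for user-installed
            continue
        perms = addon.get("userPermissions") or {}
        granted = set(perms.get("permissions", [])) | set(perms.get("origins", []))
        gmail = sorted(p for p in granted if covers_gmail(p))
        if gmail:
            findings.append({
                "id": addon.get("id"),
                "gmail_access_via": gmail,
                "all_sites": bool(granted & ALL_SITES),
                "risky_api": sorted(granted & RISKY_API),
            })
    return sorted(findings, key=lambda f: (not f["all_sites"], -len(f["risky_api"])))

# Constructed sample in the assumed extensions.json shape (not real add-ons).
SAMPLE = json.dumps({"addons": [
    {"id": "sample-mail-helper@example.invalid", "location": "app-profile",
     "userPermissions": {"permissions": ["storage"], "origins": ["https://mail.google.com/*"]}},
    {"id": "sample-updater@example.invalid", "location": "app-profile",
     "userPermissions": {"permissions": ["notifications", "privacy", "tabs"], "origins": ["<all_urls>"]}},
    {"id": "sample-weather@example.invalid", "location": "app-profile",
     "userPermissions": {"permissions": [], "origins": ["https://api.weather.example/*"]}},
    {"id": "sample-builtin@example.invalid", "location": "app-builtin",
     "userPermissions": {"permissions": [], "origins": ["<all_urls>"]}},
]})

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A finding is a prompt for review, not a verdict: many legitimate add-ons request access to all sites, so the useful signal is an add-on nobody recognises holding that access.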