The 'ned' in 'nedfortibt.info' is likely a reference to the National Endowment for Democracy (NED), a nonprofit foundation funded by the U.S. Congress that supports non-governmental groups who are working for democratic goals in over 90 countries and which is openly supportive of Tibetans in their relations with China, Dorais-Joncas said.
According to the ESET researchers, the infection scale of Win32/Syndicasec is small and strictly limited to Nepal and China.
"The lack of built-in commands [in the master script] prevents us from discovering the real end-goal of this operation," Dorais-Joncas said. "However, we can affirm that the various characteristics observed around this threat are similar to other espionage campaigns against Tibetan activists that we have observed."
Sign up for CIO Asia eNewsletters.