Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Researchers find unusual malware targeting Tibetan users in cyberespionage operation

Lucian Constantin | May 27, 2013
The malware abuses the Windows Management Instrumentation (WMI) service to remain undetected, researchers from ESET said

The 'ned' in 'nedfortibt.info' is likely a reference to the National Endowment for Democracy (NED), a nonprofit foundation funded by the U.S. Congress that supports non-governmental groups who are working for democratic goals in over 90 countries and which is openly supportive of Tibetans in their relations with China, Dorais-Joncas said.

According to the ESET researchers, the infection scale of Win32/Syndicasec is small and strictly limited to Nepal and China.

"The lack of built-in commands [in the master script] prevents us from discovering the real end-goal of this operation," Dorais-Joncas said. "However, we can affirm that the various characteristics observed around this threat are similar to other espionage campaigns against Tibetan activists that we have observed."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.