Targeted Attacks in the Tibetan Community
Since the Tibetan movement emerged in the world of the internet in the late 90s, unprecedented cyberattacks from the adversary have always been a challenge. This timeline shows some of the key events and attacks that have happened in the Tibetan community till date. This covers events such as the internet coming to the Tibetan community and various attacks
Timeline
When the internet comes to India
The "Gangky Wide Web project"
In 1997 with the help of Dan Haig and his team, the internet was first brought to the Tibetan community in Dharamshala specifically to Central Tibetan Administration (CTA) then known as the Tibetan Government in Exile.
First Documented Attack
Tibetan lobby groups were also targeted by the unnamed virus, which is designed to fool the unwary by posing as an email from the Dalai Lama’s office. Chinese crackers also attempted to break into Tibetan systems in 1999 and 2001
First detailed investigative report published online
The Citizen lab and Information Warfare Monitor traced the compromised computers in the Tibetan diaspora community, with on field analysis of prominent offices including OHHDL, CTA and NGOs and came up with a detailed research report around the malicious cyber network they termed as the “Ghostnet”.
Nart Villeneuve, Greg Walton and Ronald Deibert, discoverers of GhostNet, at the Munk Centre in Toronto on March 29 2009
(Source:https://www.theglobeandmail.com/technology/meet-the-canadians-who-busted-ghostnet/article1214210/ )
Second detailed investigative report published online
The Information Warfare Monitor and Shadowserver Foundation published a joint report called “Shadow in the clouds” which was focused on a Shadow network that was used to exfiltrate sensitive data from compromised victims from prominent offices within the Tibetan diaspora community.
Cyber security public awareness campaign by Tibet Action Institute
The Tibet Action Institute have worked for digital security awareness within the Tibetan diaspora community by extensively carrying out campaigns such as Detach from attachments, HTTPs keeps your Secret safe and secure, Don’t Share Drives, Keep Your Enemy Out of Your Inbox.
The most consistent APT campaign targeting Tibetan diaspora community
APT TA413, also known as the LuckyCat campaign has relentlessly targeted the Tibetan diaspora community by all means, including computer and mobile based malwares. It was also observed through website infections and phishing attacks to bring malicious browser based attacks.
The rise of website based attacks
Unlike the previously detected malicious emails compromising computers, A series of mobile based attacks surfaced with some attachments designed to compromise mobile devices, i.e with compromised versions of legitimate android applications.
The rise of mobile attacks
Unlike the previously detected malicious emails compromising computers, A series of mobile based attacks surfaced with some attachments designed to compromise mobile devices, i.e with compromised versions of legitimate android applications.
The launch of TibCERT
TibCERT is a Tibetan Computer Emergency Readiness Team under Tibet Action Institute which aims to build a coalition-based structure for preventing and mitigating online threats in the Tibetan Community.
Rise of technically sophisticated one click mobile exploits.
Between 2018 - 2019, few prominent figures in the Tibetan community in exile were targeted with one click mobile exploits on Whatsapp from seven fake personas designed to appear as journalists, staff at international advocacy organizations, volunteers to Tibetan human rights groups, and tourists to India.
You've heard our story, it's now time for the world to hear yours.