Tradecraft 101
Aggregated Source: Catching Mice in China
In the wake of recent events in Tibet, a number of non-governmental organizations reported attacks on some of their users. The attacks were quite sophisticated in targeting users and had malware payloads that were missed by most anti-virus tools.
The SANS Internet Storm Center, a group of volunteers who track and report malicious activity on the internet, has an excellent diary entry that breaks down the methodology and tools used by the attackers.
The tradecraft described is essentially the same as any exploit payload attack. However, the email sent to entice the target, as described by the author, M. van Horenbeeck, shows a much higher level of effort than is typically seen.
There’s no answer to the RMB64,000 question: who did it? It could be one person, it could be a hacker group, or it could be a governmental organization. Some of the attacks were traced back to China, but others went to servers in the US, South Korea, and Taiwan. There’s no evidence of who did it, where they are from, or what their motivation was.
Rather than speculating, I’ll let you pursue the conspiracy theory of your choice.
Copyright Catching Mice in China