
Hackers infiltrate Dalai Lama's Chinese website

The Chinese-language version of the Tibetan government in exile website has been infiltrated by hackers, according to security researchers.

The site of the Central Tibetan Administration (CTA) of His Holiness the Dalai Lama includes an embedded iframe that redirects Chinese visitors to a Java exploit that maintains a backdoor payload, Kaspersky Lab's Kurt Baumgartner wrote in a blog post.

The tactic is known as a watering hole attack, whereby hackers compromise a site that is likely to be visited by a certain group of users. The site is considered to be legitimate, so web surfers have no qualms about visiting it, but when they do, malicious content is installed on their machine, allowing the hackers to access personal information.

The same thing happened to websites operated by the Department of Labor back in May, according to Cisco.

The Dalai Lama, of course, has been in exile from Tibet since 1959. The region is currently under the control of the People's Republic of China, so it makes sense that the government wants to gather information about those visiting the CTA website, particularly people who are based in China.

According to Kaspersky's Baumgartner, "it seems that the few systems attacked with this code are located in China and the U.S., although there could be more."

The English and Tibetan versions of the CTA website do not appear to have the dangerous iframe, though Baumgartner encouraged Internet users to avoid the site for now.

"This threat actor has been quietly operating these sorts of watering hole attacks for at least a couple of years and also the standard spearphishing campaigns against a variety of targets that include Tibetan groups," he wrote. "Our KSN community recorded related events going back to at least a busy late 2011 season."

Image credit: Flickr (arjuna_zbycho)