November 2024 – In yet another alarming act of cyber aggression, a hacking group believed to be sponsored by the Chinese government has compromised two prominent websites associated with the Tibetan community, deploying malware with chilling intent to spy on visitors, a cybersecurity firm reported on Wednesday.
The attack, which targeted the Tibet Post and Gyudmed Tantric University websites, was a calculated attempt to infect users’ computers with sophisticated malware. The malicious file, disguised as a legitimate security certificate, was downloaded by unsuspecting visitors, enabling the hackers to remotely install Cobalt Strike Beacon malware. This malware can secretly monitor keystrokes, transfer files, and enable further malicious actions, providing the attackers with full access to the infected systems.
The Tibet Post, a site known for its advocacy of Tibetan independence and democratic freedoms, and Gyudmed Tantric University, an educational institution dedicated to Tibetan Buddhist teachings, were seemingly chosen for their deep ties to the Tibetan diaspora and their potential to provide intelligence on individuals opposed to the Chinese government. The attack, according to the Massachusetts-based Insikt Group, is likely part of a broader cyber-espionage operation aimed at gathering sensitive information from Tibetans and their allies worldwide.
“These targeted cyberattacks are clearly designed for surveillance rather than disruption,” said Jon Condra, Senior Director at Insikt Group. “The overlap with previous hacking campaigns targeting the Tibetan community makes it almost certain that the goal here is to collect intelligence—whether on individuals or larger organizational activities.”
The hacking group behind the operation is identified as TAG-112, a subgroup of the notorious Chinese cyber-espionage collective TAG-102, also known as Evasive Panda or StormBamboo. This group, linked to Chinese state interests, has been active for over a decade and specializes in infiltrating organizations that advocate for human rights, democratic freedoms, and independence movements, particularly those critical of China’s policies in Tibet, Hong Kong, and Taiwan.
“This behavior is consistent with China’s long-standing strategy of targeting dissidents, ethnic minorities, and human rights organizations. These attacks are a disturbing reflection of the Chinese government’s willingness to employ any means necessary to silence opposition,” Condra added.
The breach first occurred in May 2024, with the malicious payload designed to infect users with keyloggers and other data-stealing tools. While Gyudmed Tantric University has reportedly addressed the issue, the Tibet Post remains compromised as of this week, raising serious concerns about the continued vulnerability of these critical platforms.
Chinese authorities have, predictably, denied any involvement in these cyberattacks, with the Chinese Foreign Ministry stating that it had “no knowledge” of the incident. In typical fashion, Beijing continues to deflect accusations of state-sponsored hacking, despite mounting evidence of systematic cyber espionage targeting Tibetan and pro-democracy organizations.
Tibet, a region forcibly incorporated into the People’s Republic of China in the 1950s, has remained a point of contention for decades, with many Tibetans continuing to pledge allegiance to the Dalai Lama and opposing Beijing’s rule. The Chinese government’s crackdown on Tibet’s cultural and religious freedoms, including the systematic erasure of Tibetan language and Buddhist traditions, has intensified in recent years. These cyberattacks are a natural extension of China’s broader campaign to stifle dissent and assert control over the region.
Human rights groups have long accused China of engaging in severe repression in Tibet, with the latest round of criticism centered on Beijing’s ongoing efforts to forcibly urbanize Tibet’s rural population. This initiative, critics argue, is designed to undermine Tibetan culture and impose Chinese assimilation policies, further eroding Tibetan autonomy.
In the face of this latest cyber assault, experts are warning of the growing risks posed by state-sponsored hacking campaigns. These attacks are not merely a violation of privacy; they are part of a broader effort to suppress opposition and maintain authoritarian control over Tibet and its people.
The international community must take a stand against China’s growing use of digital warfare to intimidate, surveil, and silence dissenting voices. The Tibet Post and Gyudmed Tantric University are only the latest victims of a Chinese government determined to extend its grip on Tibet through both physical and digital means.
As the battle for Tibetan freedom continues, the cyber front remains a critical theater in the fight for justice, democracy, and human rights. The time for action is now—before more Tibetans, and their allies, fall victim to this digital war of suppression.