Recorded Future just released a report in a series which sheds light on the breadth of sophisticated techniques used by the Chinese state against perceived domestic threats. This latest report is focused on threats to the Tibetan community. It is based on a detailed analysis of the malware targeting the community, as well as its associated infrastructure. Sources include Recorded Future’s platform, VirusTotal, ReversingLabs, and third-party metadata, as well as common OSINT and network metadata enrichments, such as DomainTools IRIS and PassiveTotal.
The PRC does this against its own citizens, but the espionage and malware it uses to accomplish these goals are also directed at any external group or person it feels it needs to target, and many U.S. citizens are also attacked as part of this operation.
Of note was the targeting of the government of the U.S. State of Alaska and related organizations in the state. The attackers being used by the PRC, Tsinghua University, compromised many other organizations as part of this same campaign, including many that were targets for more than just internal dissent suppression objectives. Tsinghua University was targeting UN offices, Kenya, German multinationals (including Daimler AG) and many countries and organizations seen as key to the PRC “Belt and Road Initiative”.
For more on this report see: Chinese Cyberespionage Originating From Tsinghua University Infrastructure on the Recorded Future Blog