image credit: Pixabay

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

February 25, 2021

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.

“Threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts,” Proofpoint said in an analysis.

The Sunnyvale-based enterprise security company pinned the phishing operation on a Chinese advanced persistent threat (APT) it tracks as TA413, which has been previously attributed to attacks against the Tibetan diaspora by leveraging COVID-themed lures to deliver the Sepulcher malware with the strategic goal of espionage and civil dissident surveillance.

Read More on The Hacker News