A fake email address was used to launch a targeted malware email campaign against the Australian Tibet Council on the weekend beginning 10 March, according to a Trend Micro security researcher and spokesperson.
The spokesperson said in a statement that the email contained the Lurid Downloader attachment. Emails containing malware were then sent to the Reception Centre for Tibetan Refugees.
According to the spokesperson, the attack was possibly timed to coincide with the 53rd anniversary of the Tibetan National Uprising.
“Although there is clear evidence that the Tibetan community was a target, interestingly, the majority of victims are concentrated in Russia and in other CISs [Commonwealth of Independent States],” the spokesperson said in a statement.
The spokesperson added that numerous embassies and government ministries, including some in Western Europe, have been compromised, as have research institutions and space industry agencies.
The attack is ongoing and Trend Micro researchers are still monitoring developments.
“Targeted emails with malicious DOC and XLS attachments have previously used the Tibetan Uprising anniversary and surrounding events as a social engineering ploy,” the spokesperson said in a statement.
“The DOC/XLS files have old exploit codes targeting vulnerable systems, and if there is successful exploitation, a trojan backdoor will be installed in the system, making it under the full control of the attacker.”
Computerworld Australia has contacted Trend Micro for further information and is awaiting a response.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au