CyberNews Briefs

ExileRat Targeting Tibetan Supporters via Malicious PowerPoint Docs

Researchers with the Cisco Talos Group have discovered a malspam campaign targeting the mailing list of the Central Tibetan Administration (CTA), which is also referred to as the Tibetan Government in Exile. In the first stage of the attack, threat actors sent an email to everyone on the mailing list, while making it look like the CTA was the sender.

The subject of the email was “Tibet-was-never-a-part-of-China”, and included an attachment of the same name. The attachment was a malicious version of a legitimate CTA PowerPoint presentation that installed the ExileRat remote access Trojan (RAT) when it was opened. The RAT enabled threat actors to steal information from and execute commands on infected computers.

Read more: ExileRat Targeting Tibetan Supporters via Malicious PowerPoint Docs

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.