Chinese hackers target Tibetan websites in malware attacks, cybersecurity group says

BANGKOK – A group of hackers believed to be sponsored by the Chinese state compromised two websites linked to the Tibetan community in an attack aimed at installing malware on users’ computers, according to findings released Wednesday by a private cybersecurity company.

The hacking of the Tibet Post and Gyudmed Tantric University websites appears to be aimed at accessing the computers of people who visit them to obtain information about them and their activities, according to analysis by Insikt Group, the threat research division of the Massachusetts-based cybersecurity consultancy Recorded Future.

The hackers, known in the report as TAG-112, compromised the websites so that visitors were prompted to download a malicious executable file disguised as a security certificate, Insikt Group said. Once opened, the file loads Cobalt Strike Beacon malware onto the user’s computer, which can be used for key logging, file transfer and other purposes, including deployment of additional malware.

“While we have no visibility into the activity conducted by TAG-112 on the compromised devices in this campaign, given their likely cyberespionage mission and targeting of the Tibetan community, it is almost certain that they were engaged in information gathering and/or surveillance rather than destructive attacks,” Jon Condra, senior director of the Insikt Group, told the Associated Press.

“This behavior aligns with the historical targeting of the Tibetan community,” he said.

The Chinese authorities have always denied any form of state-sponsored hacking, claiming that China itself is a major target of cyberattacks.

China’s Foreign Ministry said it was not aware of the hacking of the two websites reported by Insikt Group.

“China’s position on the issue of cybersecurity is consistent and clear,” the ministry said in a faxed response to a request for comment, without elaborating.

According to Insikt Group research, the sites were first compromised in late May. The attacks have many overlaps with a previously tracked hacker group known as TAG-102, leading analysts to conclude that TAG-112 is a subgroup of the already known group “working towards the same or similar intelligence requirements,” Insikt Group said.

Overlaps include reusing specific tactics, techniques and procedures and pursuing identical targets, Condra said.

“These two threat groups are almost certainly linked,” he said.

TAG-102, known by several names such as Evasive Panda and StormBamboo, has been operational since 2012 and is widely considered a China-sponsored advanced persistent threat, or APT, group, Insikt Group said.

Among other things, it uses custom malware frameworks used by other Chinese APT groups and its targeting “aligns with the likely requirements of Chinese intelligence services,” Condra said.

“The group has engaged in a wide variety of campaigns over the years, with a focus on individuals and organizations opposed to the Chinese government, such as human rights organizations, religious organizations, ethnic minority groups, academic institutions and democracy supporters or independence movements in Taiwan, Hong Kong and even mainland China,” Insikt Group said.

The university and the news site, both located in India, were informed of the hack by Insikt Group. As of this week, it appears that Gyudmed Tantric University, which is a place to learn Tibetan Buddhism, language, history and culture, has resolved the issue while the news site remains compromised, Condra said.

The Tibet Post is known for promoting democracy, freedom of expression and advocating Tibet’s independence from China, he said.

China says Tibet has been part of its territory for centuries, although it only established firm control over the Himalayan region after the Communist Party came to power in a civil war in 1949.

Many Tibetans are still loyal to the Dalai Lama, the spiritual leader who has lived in exile in India since the failure of the 1959 anti-Chinese uprising.

China is regularly accused of human rights violations in Tibet, including earlier this year, over its efforts to forcibly urbanize villagers and pastoralists as part of a campaign to assimilate rural Tibetans through control of their language and traditional Buddhist culture.