A group of hackers operating under the name ‘Poison Carp’ is believed to be behind a recent stream of one-click link attacks aimed at the Tibetan community. According to research published by Canadian cybersecurity research firm The Citizen Lab and reported initially by The Hacker News, the Poison Carp attackers operate by posing as NGO workers, journalists or others and sending a one-click link to targeted individuals.
The end objectives of these attacks include gaining full access to the targets' devices, including camera and microphone, to carry out nefarious activities; extracting contacts, call and location data, and private chats; and automatically downloading malicious plugins onto the target devices.
The attackers are spreading the one-click links through WhatsApp messages, and the links reportedly use multiple Android browser exploits as well as spyware kits. The attackers also appear to be exploiting a phishing vulnerability to steal financial data. The suspected attack sources are not entirely unknown, and have already been seen before, including in the massive iOS browser exploit reported by Google.
The report, composed by a team of seven researchers and research fellows at The Citizen Lab, further states that the prime targets of these attacks, which took place between November 2018 and May 2019, include the private office of The Dalai Lama, the Central Tibetan Administration and the Tibetan Parliament, among others. While no confirmed links have been found, the pattern of these tools and their coding pattern have led the researchers to believe that the Poison Carp group is actually supported by the Chinese government, leading to suspicions of even more state-sponsored surveillance, cyber sabotage and cyber terrorism.
While the threat is severe enough, it is important to note that the researchers have not found any of the exploits to be zero-day hacks, which in turn signifies that concerned companies such as Google, Apple and WhatsApp would have already released patches to fix the exploits that can lead to the data of these individuals being compromised. As a result, it is highly advisable for anyone, and members of the Tibetan community in particular, to keep their applications and software constantly updated.