Security News > 2020 > September > Things are getting back to normal: Chinese hackers revert to bugging Tibetans after brief Euro campaign

Malware pathologists have noted a return to "Business as usual" as groups associated with Chinese state interests turned their attentions back to Tibetan matters after a European dalliance earlier this year.

Back in March, a phishing campaign attempted to deliver the "Sepulcher" malware to various European institutions with a sender email identified as being linked to historical Chinese APT targeting of the Tibetan community, Proofpoint said.

A second phishing campaign kicked off at the end of July, and attempted to deliver the same strain of malware to Tibetan dissidents.

The security firm said: "While it is not impossible for multiple APT groups to utilize a single operator account against distinct targets in different campaigns, it is unlikely. It is further unlikely that this sender reuse after several years would occur twice in a four-month period between March and July, with both instances delivering the same Sepulcher malware family."

The evidence therefore points to an APT group best know for Tibetan campaigns being re-tasked to collect information from European organisations reeling from COVID-19 in March.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/02/sepulcher_malware/