Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations
![Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations](/static/build/img/news/chinese-hackers-using-firefox-extension-to-spy-on-tibetan-organizations.jpg)
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.
"Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said in an analysis.
The emails contain a malicious URL, supposedly a link to YouTube, that in fact takes users to a fake "Adobe Flash Player Update" landing page, where they are prompted to install a Firefox extension that Proofpoint calls "FriarFox."
"In recent campaigns identified in February 2021, browser extension delivery domains have prompted users to 'Switch to the Firefox Browser' when accessing malicious domains using the Google Chrome Browser," the researchers said.
The introduction of the FriarFox browser extension in TA413's arsenal points to APT actors' "insatiable hunger" for access to cloud-based email accounts, says Sherrod DeGrippo, Proofpoint's senior director of threat research and detection.
"Almost any other account password can be reset once attackers have access to someone's email account. Threat actors can also use compromised email accounts to send email from that account using the user's email signature and contact list, which makes those messages extremely convincing."