Analysis of TAG-112 Compromise of Tibetan Websites

This research article by Insikt Group details the compromise of Tibetan community websites by the Chinese APT group TAG-112. Exploiting Joomla vulnerabilities, malicious JavaScript was uploaded to distribute Cobalt Strike malware disguised as a security certificate. The report highlights the ongoing cyber threats faced by Tibetan entities and the obfuscation techniques used by threat actors to evade detection.