[liberationtech] New Cit Lab brief on targeted malware, Spoofing the European Parliament
Ronald Deibert
r.deibert at utoronto.ca
Wed Jun 20 10:13:27 PDT 2012
Dear Lib Tech
The Citizen Lab analyzes a recent targeted malware attack against the Tibetan community spoofing the June 14, 2012 resolution of the European Parliament (EP) on the human rights situation in Tibet. While such repurposing of authentic content for use as a malware delivery mechanism is not unusual, this incident raises serious questions surrounding the use of legitimate political resources for illegitimate ends.
https://citizenlab.org/2012/06/spoofing-the-european-parliament/
Spoofing the European Parliament
An Analysis of the Repurposing of Legitimate Content in Targeted Malware Attacks
Part II of Information Operations and Tibetan Rights in the Wake of Self-Immolations
Download PDF version
Key Findings
• On June 15, 2012, a malicious email with the subject “FW: the new decision of EUROPEAN PARLIAMENT about tibetan human right in China” was sent to over 80 unique email addresses, targeting individuals active in the Tibetan rights community.
• Attached to the email is a malicious .doc file — characterized by the email text as containing the June 14, 2012 resolution of the European Parliament on the human rights situation in Tibet — in which is embedded malicious code that executes when the attachment is opened.
• The malware utilized in this attack is the same as that described in other reports detailing attacks with Tibet-related themes. Once the malicious code is executed, it starts to communicate with a command and control (C2) server located in Hong Kong.
• This attack raises serious questions concerning misappropriation of the intellectual property and political discourse of public entities such as the European Parliament in furtherance of information operations designed to compromise civil society organizations.
• The Citizen Lab recommends that the European Parliament and other stakeholders voice concern and engage in serious consideration and public debate regarding targeted cyber threats against civil society, which have resulted in chilling effects and information denial.
Ronald J. Deibert
Professor of Political Science
Director, The Canada Centre for Global Security Studies and
The Citizen Lab
Munk School of Global Affairs
University of Toronto
r.deibert at utoronto.ca
http://deibert.citizenlab.org/
twitter.com/citizenlab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120620/098fa297/attachment.html>
More information about the liberationtech
mailing list