This report, written by Citizen Lab researchers Jakub Dalek, Masashi Crete-Nishihata, and John Scott-Railton, describes the latest iteration in a long-running espionage campaign against the Tibetan community. It details how the attackers continuously adapt their campaigns to their targets, shifting tactics from document-based malware to conventional phishing that draws on “inside” knowledge of community activities. This adaptation appears to track changes in security behaviors within the Tibetan community, which has been promoting a move from sharing attachments via e-mail to using cloud-based file sharing alternatives such as Google Drive.

Read the report