Researchers have uncovered a Chinese cyber-espionage network which they say has been used to spy on the Dalai Lama as well as the Indian government and military.
The Shadow network was uncovered by the Information Warfare Monitor and the Shadowserver Foundation.
“The attackers misused a variety of services including Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! Mail in order to maintain persistent control over the compromised computers,” says Nart Villeneuve of the Information Warfare Monitor.
“This top layer directed compromised computers to accounts on free web hosting services, and as the free hosting servers were disabled, to a stable core of command and control servers located in China.”
The researchers say they were able to recover a variety of documents, including 1,500 letters sent from the Dalai Lama’s office.
Most of the other targets belonged to the Indian government or military. However, the stolen data also includes information from people in other countries, including Canadian visa applications.
The researchers have traced the attacks to some rented apartments in Chengdu, and say they can’t link them directly to the Chinese government.
However, says Villeneuve, the data is clearly aligned with Chinese government interests. “It would not be implausible to suggest that the stolen data may have ended up in the possession of some entity of the Chinese government,” he says.
The full report is here.