Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] New Cit Lab brief on targeted malware, Spoofing the European Parliament

Ronald Deibert r.deibert at
Wed Jun 20 10:13:27 PDT 2012

Dear Lib Tech

The Citizen Lab analyzes a recent targeted malware attack against the Tibetan community spoofing the June 14, 2012 resolution of the European Parliament (EP) on the human rights situation in Tibet. While such repurposing of authentic content for use as a malware delivery mechanism is not unusual, this incident raises serious questions surrounding the use of legitimate political resources for illegitimate ends.

Spoofing the European Parliament
An Analysis of the Repurposing of Legitimate Content in Targeted Malware Attacks
Part II of Information Operations and Tibetan Rights in the Wake of Self-Immolations

Download PDF version

Key Findings

	• On June 15, 2012, a malicious email with the subject “FW: the new decision of EUROPEAN PARLIAMENT about tibetan human right in China” was sent to over 80 unique email addresses, targeting individuals active in the Tibetan rights community.
	• Attached to the email is a malicious .doc file — characterized by the email text as containing the June 14, 2012 resolution of the European Parliament on the human rights situation in Tibet — in which is embedded malicious code that executes when the attachment is opened.
	• The malware utilized in this attack is the same as that described in other reports detailing attacks with Tibet-related themes. Once the malicious code is executed, it starts to communicate with a command and control (C2) server located in Hong Kong.
	• This attack raises serious questions concerning misappropriation of the intellectual property and political discourse of public entities such as the European Parliament in furtherance of information operations designed to compromise civil society organizations.
	• The Citizen Lab recommends that the European Parliament and other stakeholders voice concern and engage in serious consideration and public debate regarding targeted cyber threats against civil society, which have resulted in chilling effects and information denial.

Ronald J. Deibert
Professor of Political Science
Director, The Canada Centre for Global Security Studies and
The Citizen Lab
Munk School of Global Affairs
University of Toronto
r.deibert at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list