In this research brief, Seth Hardy describes malware (“GLASSES”) sent in 2010 that is a simple downloader closely related to malware described by Mandiant in their APT1 report. GLASSES appears to be a previous version of malware called GOGGLES by Mandiant, and was sent in a highly targeted email to a Tibetan human rights organization, demonstrating that APT1 is involved in more than just industrial and corporate espionage.

In this blog post, we report on malware campaigns targeting human rights groups using the PlugX Remote Access Trojan (RAT).

The Citizen Lab analyzes a recent targeted malware attack against the Tibetan community spoofing the June 14, 2012 resolution of the European Parliament (EP) on the human rights situation in Tibet. While such repurposing of authentic content for use as a malware delivery mechanism is not unusual, this incident raises serious questions surrounding the use of legitimate political resources for illegitimate ends.

Archives of Citizen Lab Briefing newsletters we’ve sent. Subscribe to the Citizen Lab newsletter. Privacy Policy 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 2019 February 2019 – Citizen Lab researchers targeted, continued abuse of NSO technology in Mexico, and applications open for 2019 Citizen Lab Summer Institute 2018 November… Read more »

Google’s announcement Tuesday that it might pull out of the Chinese market has cast a sharp focus on long-standing accusations about the shadowy world of Chinese hackers. Since at least 2002, human rights activists have accused the Chinese government and military of infiltrating their computers as well as those maintained by private companies and nongovernmental… Read more »

Well-known human rights advocates in China and a Tibetan rights activist in the United States have disclosed that their Gmail accounts have been compromised. They came forward after Google’s announcement of a sustained cyber attack on activists and other illicit accessing of accounts, but stressed that the problem goes back much further. Some in China… Read more »

The decision by Google to draw a line and threaten to end its business operations in China brought attention to reports of Chinese high-technology espionage stretching back at least a decade. But despite Google’s suggestion that the hacking came from within China, it remained unclear who was responsible. Nevertheless, it presented the Obama administration with… Read more »

Jump to: Citizen Lab Reports External Publications Submissions Op-Eds, Letters, & Comments Books Guides Joint Reports OpenNet Initiative   Citizen Lab Reports Rebekah Brown, Marcus Michaelsen, Matt Brooks, and Siena Anstis. “Weaponized Words: Uyghur Language Software Hijacked to Deliver Malware,” Citizen Lab Report No. 185, University of Toronto, April 28, 2025. Alberto Fittarelli, M. Scott,… Read more »

A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.