In this research brief, Seth Hardy describes malware (“GLASSES”) sent in 2010 that is a simple downloader closely related to malware described by Mandiant in their APT1 report. GLASSES appears to be a previous version of malware called GOGGLES by Mandiant, and was sent in a highly targeted email to a Tibetan human rights organization, demonstrating that APT1 is involved in more than just industrial and corporate espionage.

RCI’s Wojtek Gwiazda spoke to Seth Hardy about recent Citizen Lab research on targeted attacks against human rights organizations and others, including the Dalai Lama.

Senior Security Analyst Seth Hardy gave a presentation during this year’s SecTor Conference in Toronto, Canada, which took place from 1-3 October, 2012.

In this blog post, we report on malware campaigns targeting human rights groups using the PlugX Remote Access Trojan (RAT).

The Citizen Lab has analyzed recent targeted malware attacks against Tibetan organizations that share a common payload — LURK malware — and command-and-control server, as well as several other features.

The Citizen Lab announces the publication of a detailed post analyzing several pieces of malware targeting Bahraini dissidents, shared with us by Bloomberg News. The analysis suggests that the malware used is "FinSpy," part of the commercial intrusion kit, Finfisher, distributed by the United Kingdom-based company, Gamma International.

The Citizen Lab analyzes a recent targeted malware attack against the Tibetan community spoofing the June 14, 2012 resolution of the European Parliament (EP) on the human rights situation in Tibet. While such repurposing of authentic content for use as a malware delivery mechanism is not unusual, this incident raises serious questions surrounding the use of legitimate political resources for illegitimate ends.

Morgan Marquis-Boire will participate at the Black Hat USA 2012 Conference, taking place in Las Vegas from 21-26 July 2012.

Eneken Tikk spoke about the diplomatic impact of the Flame virus as well as the group of nations led by China, Russia and several Middle Eastern countries that are seeking to influence operational control of the Internet.

“Thanks to Stuxnet, the Internet Freedom agenda, and the Arab Spring, cyberspace is now political space and matters a great deal in international relations,” writes Chris Bronk, Fellow in Information Technology Policy at the Baker Institute for Public Policy, Rice University.