A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection.
“The attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a
