Chinese advanced persistent threat (APT) identified as TA413, which has been previously attributed to attacks against Tibetan diaspora. Researchers say the attacks were detected in January and February 2021, a pattern that has continued since March 2020. The infection chain begins with a phishing email impersonating the “Tibetan Women’s Association” using a TA413-linked Gmail account that’s known to masquerade as the Bureau of His Holiness the Dalai Lama in India. Once installed, the extension comes with features to search, read, delete messages and even forward and send emails from the compromised Gmail account.
Source: https://thehackernews.com/2021/02/chinese-hackers-using-firefox-extension.html