Chinese state-backed hacking group targeted Tibetan organizations in cyber-espionage campaign. Attacks coordinated by TA413 Chinese-linked APT group started in January and continued throughout February. The group used a malicious Firefox extension designed to hijack Gmail accounts and infect victims with malware. The Chinese state hackers also infected victims with the Scanbox malware reconnaissance framework, which allowed them to harvest their targets’ data and log their keystrokes. The use of browser extensions to target the private Gmail accounts of users demonstrates the malleability of TA413 when targeting dissident communities, Proofpoint concluded.
Source: https://www.bleepingcomputer.com/news/security/malicious-firefox-extension-allowed-hackers-to-hijack-gmail-accounts/