Threat Research has tracked low-volume phishing campaigns targeting Tibetan organizations globally. In January and February 2021, experts observed threat actors aligned with the Chinese Communist Partys state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users Gmail accounts. The email was delivered from a known TA413 Gmail account that has been in use for several years, which imitates the Bureau of His Holiness the Dalai Lama in India. Threat actors appear to be targeting users that are utilizing a Firefox Browser and are utilizing Gmail in that browser.”]