A cyber-espionage campaign has been spotted targeting recipients of a mailing list run by the Central Tibetan Administration. The emails purport to be from the CTA said they were commemorating the upcoming 60th anniversary of the Dalai Lama s exile on March 31 with an attached Microsoft PowerPoint document titled Tibet Was Never A Part of China The attachment is actually a malicious PPSX file used as a dropper to allow an attacker to execute various JavaScript scripts and download a payload onto the victims systems.
Source: https://threatpost.com/spy-spam-tibet-exilerat/141460/