¶40. (U) Worldwide – Has “GhostNet” been seen within the USG?
¶41. (S//REL TO USA, FVEY) Key highlights:
o Canadian researchers recently identified a “cyber-espionage” network.
o Domain names identified in the IWM report have been identified during previous BH activity.
o Tenuous connections were made between the reported hostile domains and the PLA First TRB.
o The Gh0st RAT tool used in Tibetan attacks has also been detected in incidents involving a DoS LES in Japan.
¶42. (U) Source paragraph: “A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. … The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.”
For the full cable, see here.