Storm Cloud Unleashed: Tibetan Focus of Highly Targeted Fake Flash Campaign
ID: d83586d4-8086-5469-9d5d-e3ca05e98a54
STIX ID: report--d83586d4-8086-5469-9d5d-e3ca05e98a54
Feed Name: Volexity Blog
Volexity documents a targeted watering‑hole campaign attributed to a Chinese APT dubbed “Storm Cloud” that compromised over two dozen Tibetan websites beginning in 2018–2019. The compromised sites used obfuscated JavaScript to fingerprint visitors and show fake Adobe Flash update dialogs that socially engineered victims into installing Windows payloads. The report describes multiple delivered backdoors (PlugDat, Stitch, GOSLU, BrainDamage and simple downloaders), possible related Android RAT APKs, and hosting and C2 infrastructure, and it includes IoCs and helper scripts for analysis.
