WASHINGTON, March 24 (UPI) -- Malicious e-mail and other cyberattacks on Tibet advocacy groups in the United States are linked to Internet servers used in past hacker intrusions traced by U.S. law enforcement to China.
The link, made by security experts on the basis of publicly available data, is the first direct evidence that the recently intensified attacks against the Tibet groups, reported by United Press International a week ago, were launched from China. But it remains unclear to what extent -- if any -- the Chinese government or military is implicated.
The news follows charges last week from the Save Darfur Coalition, a group opposing Chinese policy in Darfur, that it had been the target of intrusion attempts "which appeared to originate in China and seemed intent on subversively monitoring, probing and disrupting coalition activities."
The recent cyberattacks on several Tibet groups were analyzed by Maarten Van Horenbeeck, a security researcher for the SANS Internet security organization, who has followed cyberattacks against Tibet organizations, and against advocates for other Chinese ethnic groups such as the Uighurs, for many years.
Van Horenbeeck told United Press International that the attacks used e-mails purporting to come from known associates of the victims with attachments containing malicious code -- so-called Trojan horse software -- that stole e-mail and contact data, passwords and other information and covertly sent it on the Internet to special command servers. One domain address that came up as the destination for data stolen from supporters of the Students for a Free Tibet group was familiar to him. Cvnxus.8800.org has been used by hackers "again and again" over the years, he said.