Report sheds light on Chinese phishing campaigns against journalists, activists

Chinese state-backed freelance hackers have launched a pair of phishing campaigns aimed at journalists and opposition activists in Taiwan, Hong Kong, Tibet, and China's Uyghur region in a span of nine months, according to The Record, a news site by cybersecurity firm Recorded Future.

First of the campaigns was GLITTER CARP, which involved the targeting and spoofing of International Consortium of Investigative Journalists members, a report from the Citizen Lab and the ICIJ revealed. Uyghur Canadian activist Mehmet Tohti, who was one of those targeted by the campaign, reported receiving a WhatsApp message claiming to be from a famous Uyghur filmmaker who sought to obtain his email address. While Tohti did not provide his Google credentials upon clicking a link included in the supposed filmmaker's email, he was sent a fake Chinese-language Google security alert.

On the other hand, the SEQUIN CARP campaign, which entailed more comprehensive social engineering, was aimed at ICIJ journalist Scilla Alecci and other reporters focused on China-related issues. Such operations have allowed China to not only reduce costs for transnational repression intrusions but also obtain a "layer of plausible deniability," said the report.