Cybersecurity researchers have unveiled new evidence on a possible Chinese government hacking operation that has monitored Tibetan and Uyghur communities. The campaign, dubbed Scarlet Mimic, has been active for at least four years and has employed sophisticated surveillance techniques on minority groups with strained government relations.
The Uyghur and Tibetan minorities have sparred with the Chinese government on a range of issues since the Communist Party took power in 1949. Both groups have been targeted for surveillance via the vulnerability known as FakeM. FakeM typically is a Windows backdoor that enables hackers to control victims' Windows Messenger and Yahoo Messenger accounts, though the security company Palo Alto Networks now has evidence FakeM has been used against mobile devices.
“We do not have evidence directly linking these attacks to a government source, but the information derived from these activities supports an assessment that a group or groups with motivations similar to the stated position of the Chinese government in relation to these targets,” Palo Alto Networks said in a statement widely reported Monday.
The hacking group was most recently active in 2015. Last year, Scarlet Mimic expanded its focus to move against Russian and Indian government organizations that track activist and terrorist groups, perhaps because those targets have additional information on groups the Chinese government has interest in.
Scarlet Mimic primarily relies on spearphishing, which involves sending a disguised, infected email to a specific target, to access their victims computers.