Sep 9, 2020 - Technology

Chinese hacking group moves on from targeting COVID intelligence


Illustration: Annelise Capossela/Axios

A Chinese government-associated hacking group that shifted its focus this spring toward collecting intelligence involving coronavirus response has again reoriented its work, this time to target Tibetan dissidents, according to security firm Proofpoint.

Between the lines: China’s intelligence services may now feel that, with the initial COVID-19 crisis in both Europe and China now receding, they can return to older, core priorities.

Details: Proofpoint connected the most recent activity to the same Chinese group behind the coronavirus campaign because of shared email accounts employed during phishing campaigns, use of the same "new malware family," and the group’s historical targeting patterns.

  • This Chinese hacking group has a well-documented history of targeting Tibetan dissident and exile organizations. Chinese intelligence places great emphasis on tracking human rights figures and dissidents abroad — and Tibetan groups are among its top targets.
  • Until now, the group had most recently been targeting “European diplomatic and legislative bodies, non-profit policy research organizations, and global organizations dealing with economic affairs” in response to the pandemic, Proofpoint says.

Context: The push for Tibetan autonomy is one of what the Chinese Communist Party calls the “Five Poisons” that it believes threaten national unity and its power.

  • The others are the assertion of Taiwanese independence, the call for Uighur rights, pro-democracy movements, and Falun Gong, a spiritual practice banned in China.
  • Keeping a close eye on these is a core feature of Beijing’s internal and external counterintelligence strategies, including its cyber espionage efforts.