Illustration: Annelise Capossela/Axios

A Chinese government-associated hacking group that shifted its focus this spring toward collecting intelligence involving coronavirus response has again reoriented its work, this time to target Tibetan dissidents, according to security firm Proofpoint.

Between the lines: China’s intelligence services may now feel that, with the initial COVID-19 crisis in both Europe and China now receding, they can return to older, core priorities.

Details: Proofpoint connected the most recent activity to the same Chinese group behind the coronavirus campaign because of shared email accounts employed during phishing campaigns, use of the same "new malware family," and the group’s historical targeting patterns.

  • This Chinese hacking group has a well-documented history of targeting Tibetan dissident and exile organizations. Chinese intelligence places great emphasis on tracking human rights figures and dissidents abroad — and Tibetan groups are among its top targets.
  • Until now, the group of late had been targeting “European diplomatic and legislative bodies, non-profit policy research organizations, and global organizations dealing with economic affairs” in response to the pandemic, Proofpoint says.

Context: The push for Tibetan autonomy is one of what the Chinese Communist Party calls the “Five Poisons” that it believes threaten national unity and its power.

  • The others are the assertion of Taiwanese independence, the call for Uighur rights, pro-democracy movements, and Falun Gong, a spiritual practice banned in China.
  • Keeping a close eye on these is a core feature of Beijing’s internal and external counterintelligence strategies, including its cyber espionage efforts.

Go deeper

Foreign, domestic disinformation deepens U.S. fissures

Illustration: Sarah Grillo/Axios

American democracy faces what could be its greatest test in a lifetime as signs mount that Russia is working to interfere in the 2020 U.S. presidential election, while the Trump administration and its allies systematically minimize those efforts, in the process becoming an accessory to them.

Why it matters: It's becoming ever more difficult to find any boundary between foreign meddling and domestic disinformation.

Updated 5 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Eniola Odetunde/Axios

  1. Global: Total confirmed cases as of 10 p.m. ET: 30,065,728 — Total deaths: 944,604— Total recoveries: 20,423,802Map
  2. U.S.: Total confirmed cases as of 10 p.m. ET: 6,674,070 — Total deaths: 197,615 — Total recoveries: 2,540,334 — Total tests: 90,710,730Map
  3. Politics: Former Pence aide says she plans to vote for Joe Biden, accusing Trump of costing lives in his coronavirus response.
  4. Health: Pew: 49% of Americans would not get COVID-19 vaccine if available today Pandemic may cause cancer uptick The risks of moving too fast on a vaccine — COVID-19 racial disparities extend to health coverage losses.
  5. Business: Retail sales return to pre-coronavirus trend.
Ina Fried, author of Login
7 hours ago - Technology

Scoop: How the Oracle-TikTok deal would work

Illustration: Aïda Amer/Axios

An agreement between TikTok's Chinese owner ByteDance and Oracle includes a variety of concessions in an effort to make the deal palatable to the Trump administration and security hawks in Congress, according to a source close to the companies.

Driving the news: The deal, in the form of a 20-page term sheet agreed to in principle by the companies, would give Oracle unprecedented access and control over user data as well as other measures designed to ensure that Americans' data is protected, according to the source.