
Digital attacks on China critics intensify, says cybersecurity firm

The group behind the so-called Scarlet Mimic malware campaign, which has traditionally targeted Tibetan and Uyghur groups, is using more sophisticated tools and going after new targets, according to Palo Alto Networks.

Mike Segar/Reuters/File
A protester across from United Nations Headquarters in New York.

A shadowy hacker group with suspected ties to the Chinese government has increased its attacks on human rights groups and is even targeting the Russian spy agency, according to a report released Monday.

The cybersecurity company Palo Alto Networks noticed a recent upswing in activity in a four-year-old malware campaign dubbed "Scarlet Mimic," a reference to the program attackers use to imitate legitimate software, designed to steal location data and sensitive communications from targeted computers.

While the attackers mostly target organizations that support the rights of Tibetan and Uyghur minorities, the unknown group behind the campaign also appears to be going after the Russian Federal Security Service and Indian government organizations with targeted phishing attacks.

Palo Alto doesn't have specific proof linking the attacks to elements in the Chinese government or military, but the firm says the hackers' behavior and the profiles of the victims suggest China is either officially or unofficially involved in the malware campaign.

"We do believe there is a government behind this," says Ryan Olson, director of threat intelligence at Palo Alto's Unit 42 research team. "But we don’t have any evidence linking China" directly to Scarlet Mimic, he said.

Over the past year, China has been blamed for a string of massive data breaches and hacks in the US, from the Office of Personnel Management incursion to the Anthem data breach. But for years, civil society and rights groups such as the World Uyghur Congress and Tibetan Alliance of Chicago have complained they are under constant digital surveillance and attack from Chinese agencies. 

For instance, in 2012, the cybersecurity firm FireEye described how Tibetan activists – ranging from personal envoys of the Dalai Lama to students in San Francisco – were victims of near daily cyberattacks.

Mr. Olson said the firm is publishing data about the increase in attacks in hopes it will expose hackers' techniques and enable likely targets to effectively boost security. "Our main goal in publishing this info is to expose these attack tools and infrastructure and to make them redevelop everything."

In addition to targeting Windows systems, the group behind Scarlet Mimic has recently started using malware to infect Android and Apple’s Mac OS X operating systems.

In most cases, the attackers use spear-phishing e-mails with a malicious attachment to compromise the systems of targeted individuals. People who open the attachments inadvertently download a malware tool that takes advantage of a variant of a previously known vulnerability in Windows, dubbed FakeM, to infect their systems.

One of the decoy images that Palo Alto recovered compared Russian President Vladimir Putin to Adolf Hitler.

 
