Chinese Phishing Campaigns Target Journalists and Activists
Severity: High (Score: 72.5)
Sources: citizenlab.ca, therecord.media, Scworld
Summary
Chinese state-backed hackers have executed two phishing campaigns, GLITTER CARP and SEQUIN CARP, targeting journalists and activists in Taiwan, Hong Kong, Tibet, and the Uyghur region. The GLITTER CARP campaign impersonated members of the International Consortium of Investigative Journalists (ICIJ), while SEQUIN CARP specifically targeted ICIJ journalist Scilla Alecci. Victims, including Uyghur activist Mehmet Tohti, received deceptive messages designed to extract personal information. These operations reflect China's ongoing digital transnational repression efforts, allowing the state to maintain plausible deniability. The campaigns have been active over a nine-month period, indicating a sustained threat to individuals critical of the Chinese government. The reports highlight the dual approach of direct targeting and impersonation to undermine dissent. The campaigns remain active, with ongoing risks for targeted individuals.
Key Points
- Two phishing campaigns, GLITTER CARP and SEQUIN CARP, targeted journalists and activists.
- Victims received deceptive messages aimed at extracting personal information.
- The campaigns reflect China's strategy of digital transnational repression.
Key Entities
- Phishing (attack_type)
- GLITTER CARP (campaign)
- SEQUIN CARP (campaign)
- International Consortium of Investigative Journalists (company)
- China (country)
- Taiwan (country)
- Technology (industry)
- T1566.002 - Spearphishing Link (mitre_attack)
- T1566 - Phishing (mitre_attack)
- WhatsApp (platform)