Chinese Phishing Campaigns Target Journalists and Activists

Chinese Phishing Campaigns Target Journalists and Activists

First seen 30 Apr 2026, 17:02 UTC Icijcitizenlab.caScworldAsianews.Ittherecord.media 80% similarity 72.5

Article Content

Browse articles
ThreatCluster

Recent reports reveal two coordinated phishing campaigns, GLITTER CARP and SEQUIN CARP, targeting journalists and activists linked to the International Consortium of Investigative Journalists (ICIJ) and other critical voices against the Chinese government. These operations, attributed to state-backed actors, involve impersonation tactics to steal sensitive information from individuals, including Uyghur, Tibetan, and Taiwanese activists. The campaigns have been linked to over 100 fraudulent domains aimed at credential theft and surveillance. Notable incidents include a fake email sent to Taiwanese journalist Kuochun Hung, impersonating a respected colleague, and attempts to contact Uyghur activist Mehmet Tohti through WhatsApp. The ICIJ's collaboration with Citizen Lab has highlighted the growing sophistication of these attacks, which are seen as part of China's broader strategy of digital transnational repression. The ongoing nature of these operations indicates a significant threat to targeted individuals and organizations.

Key Points: • Chinese state-backed actors are conducting sophisticated phishing campaigns against journalists. • The GLITTER CARP and SEQUIN CARP operations use impersonation to steal sensitive information. • Over 100 fraudulent domains have been identified, indicating a large-scale effort to surveil dissidents.

ThreatCluster AI

Timeline

2025-05-01
ICIJ publishes 'China Target' report on repression of dissidents.
2025-05-01
Kuochun Hung receives a phishing email impersonating a journalist.
2026-04-27
Citizen Lab and ICIJ release report detailing phishing campaigns.
2026-04-30
Asianews reports on the phishing attempts targeting ICIJ members.

Community

Browse all →