Inside the campaign that tried to compromise Tibetans’ iOS and Android phones
Various Tibetan organizations were the targeted of a six-month cyber espionage campaign targeting iOS and Android devices, a new Citizen Lab report shows. Hackers from a threat group dubbed Poison Carp contacted individuals via WhatsApp, while masquerading as journalists and human rights researchers. The attackers used social engineering to encourage victims to click on links they provided. The URLs would direct users to malicious websites that required only one click by the user in order to compromise their device.
The targeted organizations included the Private Office of His Holiness the Dalai Lama, the Central Tibetan Administration, the Tibetan Parliament, and various Tibetan human rights groups. The campaign shows similarities with a years-long campaign targeting iPhone users that was recently uncovered by Google researchers. That campaign was found to be a Chinese state-backed effort targeting the oppressed Uyghur community in China.