Sophisticated Chinese hackers who used an iPhone security flaw to target ethnic minority Uighurs also went after Tibetans in exile, according to a report published on Tuesday.
It was the first detected use against exiled Tibetans of “1-click” malicious links, malicious software that is easily deployed on targets’ mobile devices and requires only a single click to work, said Canada-based research group Citizen Lab.
In the attacks, people posing as human rights workers or journalists contacted unnamed senior figures in Tibetan groups over Facebook’s WhatsApp messaging service, according to screenshots featuring their phone numbers posted in the Citizen Lab report.
Citing the technical similarities between these attacks and ones uncovered by US tech firms against Uighurs, the report suggested that forces who were probably working with the Chinese government may be upgrading their surveillance efforts against key minorities.
The Tibetans are protesting against China’s rule of their mountainous Himalayan region while the Uighurs are a mostly Muslim minority group considered a possible security threat by Beijing.
China’s foreign ministry and the Cyberspace Administration of China did not immediately respond to requests for comment.
Citizen Lab, based at the University of Toronto, said it had worked with the recently established Tibetan Computer Emergency Readiness Team (TibCERT), a coalition of Tibetan organisations working on digital security, to probe cyberattacks that occurred between November 2018 and May 2019.
Reuters was not able to independently confirm the authenticity of the screenshots or details of the report.
Among the entities targeted in November 2018 were the private office of Tibetan spiritual leader the Dalai Lama, the Tibetan Parliament, and human rights organisations, the report said.
Using well-crafted cover stories, the attackers tried to entice the targets to click on links to websites that would have installed spyware on Apple or Android devices, the report said.
Eight of the 15 Tibetans known to have received the tainted links recalled opening them, the researchers said.
All their devices were protected by patches that had been issued for the security flaws, but the researchers followed the links themselves to determine what would have happened.
Citizen Lab said the spyware aimed at the Tibetans had also been used to target Uighurs in two campaigns revealed in the past month. One was discovered by Google, and another by security company Volexity.
An Apple spokesman said the company had discussed the issue with Citizen Lab and confirmed that the attack tools would not have worked against the Tibetan targets who had updated their iPhones.
“We always encourage customers to download the latest version of iOS for the best and most current security enhancements,” said spokesman Todd Wilder.
China is facing growing international criticism over its treatment of Uighurs in the Xinjiang Uighur Autonomous Region. It has repeatedly denied involvement in cyberattacks or any mistreatment of the Uighur people.
Although lead Citizen Lab researcher Bill Marczak said Citizen Lab found “a very clear nexus with China,” he acknowledged that “it doesn’t automatically mean it’s the government, it’s kind of hard to say from a technical point of view.”
Lobsang Gyatso, secretary of TibCERT, said that the group would use the report to spread awareness of hacking tactics and promote better defence.