A new report from Palo Alto Networks contains evidence that a hacking network, codenamed “Scarlet Mimic” by the cybersecurity firm, has for years been targeting Tibetan and Uyghur activist groups. The findings show that the group has more recently set sights on Russian and Indian government organizations tasked with tracking terrorist activity. Palo Alto Networks’ report states that, while they do not have evidence linking Scarlet Mimic attacks to Beijing, their research “supports an assessment that a group or groups with motivations similar to the stated position of the Chinese government […] is involved.” At PCWorld, Jeremy Kirk summarizes the report, and quotes Palo Alto director Ryan Olson on the firm’s findings:
[…] “All of these [attacks] are actually connected, they’re all coming from the same group,” said Ryan Olson, intelligence director with Palo Alto. “They all share infrastructure with each other, and they’re all using the same tools. This is really a concerted effort by some organization.”
[…] “One of the interesting shifts that we’ve seen in who they’re targeting is that we saw two attacks against government organizations, both of whom are interested in tracking terrorists and activists,” Olson said.
Those attacks have been directed at Russia and India, according to Palo Alto’s report. They’re interesting because government organizations tend to be much better at defending cyberattacks than activists. […] [Source]
Dharamsala-based Tibetans and exiled Uyghur groups have been frequent targets of attacks believed to be emanating from China. In recent years, several reports have been released by security research firms on the targeting of Uyghur and Tibetan activist groups critical of Beijing. For more on this see CDT coverage of a FireEye report on India-based Tibetan activists targeted by a group based in China, or watch the documentary “Tibet: Frontline of the New Cyberwar,” from the Tibet Action Institute.