Dharamshala — The UK-based National Cyber Security Centre (NCSC) has revealed that hackers are using apps and social media groups to target overseas Tibetan, Uyghur and Taiwanese groups who advocate human rights and freedom for their own people at home. This is yet another example of China's transnational repression.
The report from the National Cyber Security Centre presents two case studies detailing the techniques of malicious cyber actors who use spyware known as "BADBAZAAR" and "MOONSHINE" to target data on mobile devices, including the smartphones of Tibetans, Uyghurs and Taiwanese.
The NCSC confirms that these hackers are targeting Taiwanese, Tibetans, Uyghurs, Hong Kongers and their NGOs, journalists and those who advocate human rights, freedom and independence for Tibet and Taiwan, and are collecting information from their phones, including photos, messages and important information.
The report states, "MOONSHINE and BADBAZAAR are examples of trojans; they have malicious functions hidden inside an otherwise functioning app that can be downloaded from app stores or online file-sharing services. These apps are designed to trick a user into downloading and installing them on a device. Once an app is installed, it uses vulnerabilities on the device to perform unauthorised functions, or it may rely on the user granting app permissions to access and download information from the device."
"The actors then exploit the legitimate interests of at-risk groups, to identify and infect as many victims as possible, and gain access to their data. One way they do this is by designing apps they know will appeal to their victims, such as apps which support their native languages, or contain content specific to locations such as Tibetan regions of China or Xinjiang, such as the TibetOne and Uyghur Quran apps," the report added.
"The actors are active in online forums where there is a user base of their intended victims, which maximises their chance to infect victims. They have been observed deliberately sharing spyware in Tibet-related Telegram channels and Reddit forums," the report mentioned.
The report explains, "BADBAZAAR has been used to target Tibetans via the app Tibetone, as reported by Lookout and Volexity. Tibetone is an iOS app created by the malicious actors, with the capability to access device information and location data. It was uploaded to the Apple App Store in December 2021 but is no longer available. To spread the malware further, the actors also advertised the app in a Telegram channel called tibetanphone."
The NCSC also listed the names of applications that are harmful or are used by hackers to attack Tibetans, both in Tibet and in exile, through Tibetan-language applications and websites. These include Buddhist Songs (1) with the word God (佛), Tibetan Divination System MO, Tibetan Prayer, Tibetan-Chinese Dictionary (com.dacd.dictionary), Sunshine Tibetan-Chinese translator (阳光藏汉), Basic data for the Tibetan calendar (藏历基本数据), True Call, WhatsApp (blue and color), and YouTube downloader.
This is not the first time the Chinese government has used various methods to attack Tibetans and spread misinformation about His Holiness the Dalai Lama and Tibet. They are also attacking Tibetan media and websites such as Tibet Post International, which write about the teachings and speeches of His Holiness the Dalai Lama, the human rights situation in Tibet and how the Chinese government violates the fundamental rights of Tibetans, including freedom of expression and religion.
Chinese government-backed individuals from China also used fake Facebook, Instagram and X accounts to pose as Tibetans in exile, defaming His Holiness the Dalai Lama and disrupting or dividing the Tibetan community in exile by writing posts in English and Tibetan.