A hacking group dubbed "Scarlet Mimic" with potential links to the Chinese government is targeting minority rights activists, as well as Russian and Indian government institutions.
“Scarlet Mimic is likely a well-funded and skillfully resourced cyber adversary,” security researchers at Palo Alto Networks, who have been tracking the group for seven months, said this week. They’ve traced the group’s hacking activity back at least four years.
In that time, Scarlet Mimic's goals have aligned with those of the Chinese government, according to the researchers. Scarlet Mimic has primarily launched information-gathering campaigns targeting Uighur and Tibetan activists. Both groups have long-running disputes with the Chinese government.
Researchers cautioned, however, that their investigation had uncovered no evidence “directly linking these attacks to a government source.”
Since the Chinese army marched into majority Tibetan territory in 1950, Tibetans have pushed back against Chinese rule. Protests break out regularly, and since 2009 nearly 140 people have lit themselves on fire in protest of what they believe is Chinese occupation.
Beijing has also clashed with its Uighur population, a mostly Muslim group that lives in the autonomous region of Xinjiang and speaks a language related to Turkish. Separatist movements have occasionally flared up, but Beijing has suppressed these demonstrations.
Both these groups, the researchers said, “have been targets of multiple sophisticated attacks in the past decade.”
“Scarlet Mimic attacks have also been identified against government organizations in Russia and India, who are responsible for tracking activist and terrorist activities,” they added.
Tibet has a government-in-exile stationed in India, but the researchers did not say whether this was a target of Scarlet Mimic’s cyberattacks.
In recent years, Chinese authorities have been accused of conducting several high-profile surveillance campaigns.
The Chinese government was widely suspected of being behind a hack of Apple’s cloud storage service, possibly to track protesters in Hong Kong.
It’s also believed Beijing orchestrated a massive cyber espionage campaign targeting U.S. government workers. The effort is thought to include hacks at major U.S. health insurance firms, airlines and the Office of Personnel Management (OPM), the government agency that houses highly sensitive security clearance background checks.