Western intelligence agencies said on Tuesday that China’s security services are using harmful mobile spyware apps to spy on people they see as opponents, including Taiwan’s independence activists and Tibetan rights advocates.
An advisory issued late on Tuesday warned of “the growing threat” posed by malicious surveillance software deployed by a Chengdu-based contractor reported to have ties to China’s Ministry of Public Security.
The advisory was signed by cybersecurity agencies in Britain, the U.S., Canada, New Zealand, Australia and Germany.
Those most at risk include people connected to Taiwanese independence, Tibetan rights, Uyghur Muslims and other minorities in the Xinjiang Uyghur Autonomous Region, democracy advocates (including in Hong Kong) and the Falun Gong spiritual movement, according to Britain’s National Cyber Security Centre in the advisory.
The warning comes amid increasing tensions surrounding Taiwan, including April 1 Chinese military drills around the island and a March 28 visit to the Philippines by U.S. Defence Secretary Pete Hegseth in which he reaffirmed Washington’s commitment to deterring Chinese aggression in the region.
The Chengdu-based contractor, Sichuan Dianke Network Security Technology Co., Ltd., was linked to the deployment of a pair of distinct malware packages. They were tracked as “BADBAZAAR” and “MOONSHINE” and used to ferret sensitive information from mobile devices while also giving operators remote access to devices’ cameras, microphones and location data, the advisory said.
The warning is for non-governmental organizations, journalists, businesses and other individuals who advocate for or represent the groups, the NCSC said in the advisory.
“The indiscriminate way this spyware is spread online also means there is a risk that infections could spread beyond intended victims,” it said.
China Denies Accusation
Liu Pengyu, spokesperson for the Chinese Embassy in Washington, told Reuters that China “firmly opposes the smear attacks against China without any factual basis,” and that the tracing of cyberattacks is complex.
“We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations.”
The warnings build on previous cybersecurity industry reporting that detailed malware and infrastructure have been used by the contractor going back several years.
The advisory cited a January 29 report published by Intelligence Online, a news organization focused on international intelligence operations, linking the spyware to the contractor. The report said the contractor has provided services to China’s Ministry of Public Security.
The FBI, NSA and intelligence agencies in Australia, Canada, Germany and New Zealand participated in the advisories, according to the NCSC.
The FBI declined to comment and the NSA did not respond to requests for comment.
(With inputs from Reuters)
