China-linked hackers led phishing campaigns targeting journalists and activists, researchers say
The aim of the campaigns was to steal credentials and likely enable “follow-on operations in the interest of the Chinese government,” the report said.
Freelance hackers linked to the Chinese government spearheaded two sprawling phishing campaigns that relied on more than 100 malicious domains to target journalists and opposition activists over a 9-month-period, new research shows.
Dozens of journalists were targeted along with a large number of activists and other civil society members of the diaspora community from Tibet, Taiwan, Hong Kong and the Uyghur region of China, according to a report released Monday by the digital forensic research institute the Citizen Lab.
The investigation, conducted in partnership with the International Consortium of Investigative Journalists (ICIJ), found that the aim of the campaigns was to steal credentials and likely enable “follow-on operations in the interest of the Chinese government,” the report said.
Source: https://therecord.media/china-linked-hackers-led-phishing-campaigns-journalists
Related breach coverage
- GopherWhisper: new China-linked APT targets Mongolia with Go-based malware2026-04-26
ESET found a new China-linked APT, tracked as GopherWhisper, targeting Mongolia using Go-based malware, loaders, and backdoors. ESET researchers uncovered a new China-aligned APT group called GopherWhisper, targeting government institutions in Mongolia. The group’s arsenal includes a range of tools mainly written in Go, such as loaders and injectors, which are used to deploy multiple […]
- Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software2026-04-27
A Chinese national posed as a U.S. researcher, tricking NASA staff in a phishing campaign to steal sensitive data tied to defense software and exports. A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitive information. The NASA Office of Inspector General (OIG) and federal […]
- New Android spyware Morpheus linked to Italian surveillance firm2026-04-28
Osservatorio Nessuno uncovered Morpheus spyware spreading via fake Android apps to steal data, highlighting rising covert surveillance tools. The non-partisan, non-religious, nonprofit organization Osservatorio Nessuno exposed a new spyware called Morpheus, distributed through fake Android apps posing as updates. Once installed, it can steal extensive data from the infected devices. The report shows strong demand […]
- Signal Phishing Campaign Targets German Officials in Suspected Russian Operation2026-04-28
Suspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies on deception rather than technical exploits. Recent investigations by German authorities point to a large-scale phishing campaign conducted via […]