Taipei, Taiwan —

A new report from a team of Tibet-focused cybersecurity analysts details how hackers with ties to the Chinese government used cyberespionage tactics to target members of the Tibetan government-in-exile and the office of Tibetan spiritual leader the Dalai Lama .

“Spyware as a ServiceThe report released Thursday used information from a massive data leak in February by Chinese cybersecurity firm I-Soon. Hackers have been targeting the phones of Central Tibetan Administration (CTA) officials since 2018, and the vast amount of information collected by Chinese hackers could pose significant security risks to them and those in their social networks, the report said.

The target “represents a significant shift in tactics used by threat actors, marking an adaptation to modern communication methods and an understanding of the increasing reliance on mobile devices for personal and professional activities,” the report said. Turquoise Roof, a Tibet-focused research network, published the report.

The February data dump is a treasure trove of information about Chinese cyber espionage and other activities. Leaked documents show that private company I-Soon’s clients include the Chinese police, China’s Ministry of Public Security and the People’s Liberation Army. The leaked information also details the tools and tactics used by the group and connections between Chinese hacking groups.

“tip of the iceberg”

Greg Walton, a senior investigator at British security consultancy Secdev Group, said the new findings provided a glimpse into China’s “vast cyber espionage apparatus” that has targeted ethnic minorities over the past few decades.

“While this discovery is just the tip of the iceberg, its implications are significant,” said Walton, the report’s author.

“These findings help us understand more about opaque systems [that the Chinese authorities] It has been used against the West,” he told VOA by phone.

A leaked white paper described in the report highlights how I-Soon exploited the compromised email inboxes of the Tibetan authorities in exile to demonstrate how their systems could meet the needs of Chinese intelligence agencies to “mine large amounts of intercepted email data.”

“The platform is designed to facilitate the investigation of an individual’s ‘network’ and to intricately map the social networks of targeted individuals,” the report reads.

Walton said the white paper provided rare insight into “the capabilities of the Chinese party-state.”

“[Since] We know that I-Soon has been selling services to Chinese intelligence agencies, including the Tibetan Public Security Bureau, and we noted in our report that social network analysis obtained from exiles’ inboxes could be sold to Tibetan authorities,” he told VOA.

In his view, Chinese authorities could incorporate “networks of personal and professional contacts” identified from stolen email inboxes of exiled Tibetan officials into the big data policing platforms they use to suppress local Tibetan communities.

“The platform has played an important role in a campaign to criminalize moderate cultural and religious expression, language rights advocacy, and superficial ties to Tibetan exile networks,” Walton said.

Responding to the report’s findings, the Chinese Embassy in Washington said Beijing has always “resolutely opposed and cracked down on all forms of cyber hacking” in accordance with the law.

Chinese Embassy spokesperson Liu Pengyu told VOA in a written response that the accusations in the report “completely confuse right and wrong.”

The threat of Chinese cyber espionage is longstanding

The Central Tibetan Administration and overseas Tibetan communities have been targets of Chinese cyber espionage for more than a decade. In 2008, a large-scale cyber operation called “GhostNet” linked to a specialized unit of the Chinese People’s Liberation Army caused serious problems for the entire Tibetan community.

According to reports, between November 2018 and May 2019, some senior members of Tibetan groups reportedly received malicious links in customized WhatsApp text exchanges pretending to be NGO workers and other false personas. Research Conducted by the University of Toronto Citizen Lab.

According to a Turquoise Roof report, the escalation of cyber operations by China’s military and intelligence services targeting the Tibetan administrative region “syncs” with the Tibetan government-in-exile’s increased investment in its digital presence and reliance on digital systems to interact with diaspora communities abroad.

Some Tibetan organizations have been conducting training to build resilience against Chinese cyberattacks.

“The Tibet Action Institute provides technical assistance to Tibetan-in-exile organizations, and they often teach us what security measures we can take to prevent our accounts or digital devices from being hacked,” said Ngawang Lungtok, researcher at the Tibetan Center for Human Rights and Democracy explain. , told VOA by phone.

In recent years, the Tibet Autonomous Region Taxation Bureau has also been working to improve its technical capabilities and provide guidance to all Tibetan officials.

“The Tibetan Computer Resource Center regularly provides training and seminars,” Tibetan Administration spokesperson Tenzin Lekshay told VOA in a written response.

Walton added that the CTA even sends people to the United States for specialized training.

“CTA has some great people who were trained in the United States and are now able to help address the risks posed by Chinese cyberattacks,” he said.

The I-Soon leaks provide important insights into the use of AI-driven surveillance systems by Chinese authorities to “exercise political control” at home and abroad, the report said. It also showcases Beijing’s efforts to “improve its espionage capabilities” by using novel intelligence tactics to target vulnerable populations, such as Tibet, ahead of global deployments.

Given the impact of cyber espionage on Tibetans, Walton said he sees investing in protecting vulnerable populations from digital transnational repression “as an example of combining traditional security with human rights advocacy.”