New York: Western intelligence agencies have issued a joint warning over the growing use of malicious spyware linked to Chinese state actors, raising alarm over its deployment against individuals and groups critical of Beijing’s policies. The alert highlights a concerning escalation in digital surveillance operations allegedly orchestrated through a contractor tied to China’s Ministry of Public Security.
The advisory, released late Tuesday, was signed by cybersecurity agencies from the United States, United Kingdom, Canada, Australia, New Zealand, and Germany. It outlines a “growing threat” stemming from mobile surveillance tools distributed by Sichuan Dianke Network Security Technology Co., Ltd., a Chengdu-based company suspected of state affiliations.
Those identified as primary targets include supporters of Taiwanese independence, Tibetan rights activists, Uyghur Muslims, Hong Kong democracy advocates, and members of the Falun Gong spiritual movement. Britain’s National Cyber Security Centre (NCSC) stated that individuals affiliated with these causes remain vulnerable to state-backed cyber espionage campaigns.
The spyware, categorized into two malware strains known as “BADBAZAAR” and “MOONSHINE”, is reportedly designed to extract sensitive data from mobile phones. In addition to harvesting personal information, the malware grants remote access to cameras, microphones, and geolocation data, making it a potent tool for surveillance.
“The indiscriminate way this spyware is spread online also means there is a risk that infections could spread beyond intended victims,” the NCSC advisory cautioned, noting that non-governmental organizations, journalists, and business professionals associated with targeted groups could also be at risk.
Also Read | IMF and Argentina Reach $20 Billion Staff-Level Deal to Stabilize Economy
Tensions in the Indo-Pacific region have heightened in recent weeks, particularly following Chinese military drills conducted around Taiwan on April 1 and a visit by U.S. Defense Secretary Pete Hegseth to the Philippines on March 28. During his visit, Hegseth reiterated America’s stance on countering Chinese aggression in the region.
The warning builds upon longstanding assessments by cybersecurity researchers, many of whom have previously linked Sichuan Dianke to spyware infrastructure used in previous campaigns. A January 29 report by Intelligence Online, a publication specializing in intelligence affairs, connected the contractor to malicious cyber activities conducted on behalf of the Chinese state.
Also Read | Trump Targets Cornell, Northwestern in Sweeping Review of Campus Policies
Responding to the allegations, Liu Pengyu, spokesperson for the Chinese Embassy in Washington, told Reuters that China “firmly opposes the smear attacks against China without any factual basis,” adding that attributing cyberattacks remains a technically complex process. “We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations.”
The U.S. Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and intelligence agencies in Australia, Canada, Germany, and New Zealand jointly contributed to the advisory, according to the NCSC. The FBI declined to comment on the matter, while the NSA did not respond to requests.
