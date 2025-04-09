Western intelligence agencies warn spyware threat targeting Taiwan, Tibetan rights advocates

DETROIT (Reuters) – Western intelligence agencies warned on Tuesday of an increasing threat from Beijing's security services to use malicious mobile phone applications to surveil Taiwanese independence activists, Tibetan rights advocates and others opposed by the Chinese government.

An advisory issued late on Tuesday warned of "the growing threat" posed by malicious surveillance software deployed by a Chengdu-based contractor reported to have ties to China’s Ministry of Public Security. The advisory was signed by cybersecurity agencies in Britain, the US, Canada, New Zealand, Australia and Germany.

Those most at risk include people connected to Taiwanese independence, Tibetan rights, Uyghur Muslims and other minorities in the Xinjiang Uyghur Autonomous Region, democracy advocates (including in Hong Kong) and the Falun Gong spiritual movement, according to Britain’s National Cyber Security Centre in the advisory.

The warning comes amid increasing tensions surrounding Taiwan, including April 1 Chinese military drills around the island and a March 28 visit to the Philippines by US Defense Secretary Pete Hegseth in which he reaffirmed Washington’s commitment to deterring Chinese aggression in the region.

The Chengdu-based contractor, Sichuan Dianke Network Security Technology Co., Ltd., was linked to the deployment of a pair of distinct malware packages. They were tracked as “BADBAZAAR” and “MOONSHINE” and used to ferret sensitive information from mobile devices while also giving operators remote access to devices’ cameras, microphones and location data, the advisory said.

The warning is for non-governmental organisations, journalists, businesses and other individuals who advocate for or represent the groups, the NCSC said in the advisory.

“The indiscriminate way this spyware is spread online also means there is a risk that infections could spread beyond intended victims," it said.

Liu Pengyu, spokesperson for the Chinese Embassy in Washington, told Reuters that China "firmly opposes the smear attacks against China without any factual basis," and that the tracing of cyberattacks is complex. "We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations."

The warnings build on previous cybersecurity industry reporting that detailed malware and infrastructure have been used by the contractor going back several years.

The advisory cited a January 29 report published by Intelligence Online, a news organisation focused on international intelligence operations, linking the malware to the contractor. The report said the contractor has provided services to China’s Ministry of Public Security.

The FBI, NSA and intelligence agencies in Australia, Canada, Germany and New Zealand participated in the advisories, according to the NCSC.

The FBI declined to comment and the NSA did not respond to requests for comment.