Security researchers have lifted the lid on an apparently Chinese government-sponsored hacking group which has progressed from targeting activists to setting its sights on foreign government organisations gathering intelligence on the same targets.
The so-called "Scarlet Mimic" organisation has been active for at least four years and initially focused on minority rights activists, primarily Uyghur and Tibetan groups, according to Palo Alto Networks.
Both groups have been targets of multiple sophisticated attacks in the past decade. Uyghur and Tibetan activists each share a history of strained relationships with the Chinese government (PRC, or People’s Republic of China).
It should be noted that the network and enterprise security company does not have evidence that directly links Scarlet Mimic attacks to the PRC. Even so, China must be considered a prime suspect in the attacks given its associations with state-sponsored hacking ventures, and its moves to tackle hacking issues.
More recently Scarlet Mimic attacks have also been identified in moves against government organisations in Russia and India, chiefly those responsible for tracking activist and terrorist activities. Palo Alto Networks suspects these targets are selected based on their access to information about the targeted minority groups.
More details on the research by Palo Alto Networks' Unit 42 into the activities of Scarlet Mimic can be found in a blog post here. ®