Western agencies warn of Chinese spyware targeting activists

Western intelligence agencies have issued a rare joint advisory warning of an increasing threat from Chinese surveillance tools targeting activists, journalists, and minorities.

The warning, released Tuesday and signed by cybersecurity authorities from the U.S., U.K., Canada, Australia, New Zealand, and Germany, highlights spyware allegedly linked to China’s Ministry of Public Security.

According to the advisory, the malicious tools were developed by a Chengdu-based contractor, Sichuan Dianke Network Security Technology Co., and include two known malware packages: BADBAZAAR and MOONSHINE. The software reportedly enables remote access to mobile phone cameras, microphones, and location data.

The primary targets include individuals and organisations connected to Taiwanese independence, Tibetan rights, Uyghur Muslims, the Falun Gong movement, Hong Kong democracy campaigns, and other groups considered sensitive by the Chinese government.

Britain’s National Cyber Security Centre (NCSC) said the spyware was being distributed through malicious apps, warning that “infections could spread beyond intended victims” due to the indiscriminate nature of the malware.

The advisory builds on earlier cybersecurity research and a January 29 report by Intelligence Online that connected the malware to China's internal security apparatus.

Tensions surrounding Taiwan and China’s regional posture have been growing. On April 1, China conducted new military drills around Taiwan. Days earlier, on March 28, U.S. Defense Secretary Pete Hegseth reaffirmed Washington’s commitment to deterring Chinese aggression during a visit to the Philippines.

The Chinese embassy has not responded to requests for comment.

The FBI, NSA, and allied cybersecurity agencies participated in the advisory, underscoring the level of concern among Western governments over Beijing’s expanding cyber capabilities.

Copied