
In collaboration with the International Consortium of Investigative Journalists (ICIJ), we identified two distinct actors aligned with the People’s Republic of China that have been targeting and impersonating journalists and civil society. Our findings provide insight into the Chinese government’s practice of digital transnational repression and its shift to a system of state-sponsored attacks carried out by private contractors.
In collaboration with the International Consortium of Investigative Journalists (ICIJ), we identified what we conclude to be two separate actors aligned with the People’s Republic of China. In Part I of this report we discuss the operators we track as GLITTER CARP, who both targeted and impersonated various ICIJ members. In Part II we discuss the operators we track as SEQUIN CARP, whose primary observed target was ICIJ journalist Scilla Alecci and other international journalists writing about topics of critical interest to the Chinese government. The dual targeting of the ICIJ—with distinct approaches and tactics—gives insight into the Chinese government’s practice of digital transnational repression (DTR) and its shift to a Military-Civil Fusion system of state-sponsored attacks carried out by private contractors.
Introduction
The Chinese government has a long history of harassing its perceived overseas opponents. Since the 1990s, Chinese authorities have threatened Chinese citizens living abroad who have expressed opposition to the Communist Party’s authoritarian rule. Over the subsequent decades, the Chinese government expanded the range of targets beyond the pro-democracy movement to include other critics of the Communist Party, including members of the Tibetan, Uyghur, Taiwanese, and Hong Kong diasporas, and overseas practitioners of the Falun Gong spiritual movement. In an effort to silence these groups, which the government refers to as the “Five Poisons,” Chinese state security agents and their proxies have physically attacked protesters, threatened the family members of activists, and forcibly returned or kidnapped dissidents or members of persecuted ethnic communities, often with the support of friendly authoritarian governments.
The CCP has consistently denied that it seeks to silence its critics abroad, dismissing what it terms “the false narrative of ‘transnational repression’.” Instead, the Chinese government has framed its global pursuit of overseas opponents as legitimate law enforcement operations against illegal anti-state activity. Foreign ministry spokespeople have defended the Hong Kong government’s decision to place bounties on exiled pro-democracy activists as “necessary acts to defend China’s sovereignty and security” and “lawful actions against anti-China, destabilizing fugitives overseas and organizations.” Government spokespeople have also described the U.S. Justice Department’s decision to charge forty Chinese police officers with offences related to digitally harassing overseas dissidents as “entirely politically motivated.”
China’s Targeting of the “Five Poisons”
Under President Xi Jinping (2012-present), China is a leading perpetrator of transnational repression, with documented targeting against Tibetans, Uyghurs, Falun Gong practitioners, Taiwanese independence advocates, and pro-democracy activists. The Chinese government views these groups as the “Five Poisons” and sees them as threatening state security. The Xi administration’s reversion to what observers have described as “personalistic one-man rule,” alongside its emphasis on “comprehensive national security,” has driven this increase in coercion overseas, reinforcing the Chinese government’s long-standing intolerance of political dissent.
As repression against perceived opponents inside China has intensified, the Xi administration has also expanded the range of individuals targeted abroad. A key component of the Chinese government’s campaign of transnational repression has been the use of digital threats against overseas opponents. Since the late 2000s, individuals and organizations involved in exiled political activism have been remotely surveilled by Chinese state-linked efforts. These efforts have included deploying malware to covertly surveil digital devices used by overseas Tibetan institutions, issuing direct threats via social media against writers and activists documenting the state’s human rights abuses, and using online platforms to amplify intimidation campaigns against foreign political candidates with ties to China or Hong Kong. Beyond the “Five Poisons,” Chinese state-linked actors have subjected women journalists to coordinated online harassment campaigns, while Hong Kong police have placed bounties on exiled pro-democracy activists following the Chinese government’s imposition of the National Security Law on Hong Kong in 2020. These forms of DTR have encouraged self-censorship, fear, and mistrust among victims and wider communities, many of whom worry that their participation in activism abroad risks exposing them to the wrath of Chinese authorities.
The Use of Contractors in China’s Digital Transnational Repression
China’s use of non-state cyber actors dates back to at least the 1990s, when members of “patriotic hacker communities” were included in cyber operations. Over time, the Chinese government integrated skilled individuals into formal state structures, including the People’s Liberation Army (PLA) and the Ministry of State Security (MSS). By the late 2010s, China had developed a more institutionalized model, combining official state forces with private-sector partnerships. Beijing’s approach to digital operations has therefore evolved toward a more distributed model that increasingly depends on commercial actors to strengthen and extend the capabilities of state cyber actors.
This industrialization of cyber capabilities did not emerge organically, but was actively fostered through state policy. In 2017, Xi Jinping elevated Military-Civil Fusion (MCF, 军民融合) to a formal national strategy and personally chaired the newly established Central Commission for Military-Civil Fusion Development. Internationally, the strategy has been viewed as an effort to deliberately blur the line between China’s military and civilian sectors. Under this national security strategy, private companies are required to cooperate with state authorities. MCF created structural incentives for private cybersecurity firms to compete for state contracts, effectively building the legal and institutional scaffolding upon which the contractor ecosystem has developed over the past decade.
Recent evidence suggests that this ecosystem has evolved into a highly industrialized and market-driven ecosystem. Documents leaked from the Chinese contracting firm I-Soon, which was later sanctioned by both the U.S. and the E.U., revealed a system in which private-sector contractors develop offensive cyber tools including spyware, phishing kits, and hardware implants, and sell them to state customers such as the MSS, PLA, and local Public Security Bureaus. The leaks, alongside subsequent disclosures of contractors such as Knownsec, indicate the presence of a competitive environment in which multiple companies offer capabilities ranging from reconnaissance to social media monitoring to long-term post exploitation activities. In effect, these firms operate as extensions of the state’s cyber capabilities.
The data contained in the I-Soon leaks (Citizen Lab tracks I-Soon as POISON CARP) also highlighted how cost effective this model has been for the Chinese government. Leaked documents reveal numbers that appear modest by Western standards: collecting data from Vietnam’s Ministry of Economy was priced at approximately $55,000 USD, while access to a Vietnamese traffic police website was valued at just $15,000. Additional price and customer lists revealed in the leaks show a volume-driven model focussed on high-volume, lower-cost operations rather than customized, high-end services. This approach is likely not exclusive to I-Soon, as shown by text conversations about the commercial marketplace for offensive tools that were also included in the leaks.
Legal and criminal proceedings outside China further reinforce the existence of this contractor ecosystem. In an indictment unsealed on September 16, 2020, U.S. authorities charged hackers linked to Chengdu 404 Network Technology, a private cybersecurity firm based in China, with conducting intrusions targeting over 100 victims globally in collaboration with state-affiliated actors. More recently, in March of 2025, the U.S. Department of Justice indicted 12 Chinese nationals alleged to have participated in a “hackers-for-hire” ecosystem operating at the direction of the MSS and Ministry of Public Security (MPS) to “…suppress free speech and dissent globally.” The indictment further alleged that some of these hackers independently carried out intrusions and then sold the data they acquired back to the Chinese government. Notably, the indictment mentioned the Chinese offensive cyber operations firm I-Soon, whose 2024 data leak provided unprecedented insight into both the products and services offered by commercial cyber operators and the internal politics of China’s commercial espionage ecosystem.
The implications of this industrialized model for communities vulnerable to digital transnational repression are significant. When offensive cyber capabilities can be procured at such low price points, the cost of targeting overseas diaspora communities drops substantially. This further lowers the threshold for governments engaging in transnational repression to conduct widespread campaigns, such as those documented in this report. The outsourcing of operations to private security contractors also provides state actors with a layer of plausible deniability, allowing them to project power while complicating attribution. More broadly, the privatization of cyberwarfare—in China and globally—weakens oversight, heightens security risks, fuels cyber arms races, and ultimately erodes the norms governing conflict and civilian protection.
Investigating These Attacks
Over the past year, the Citizen Lab, in collaboration with partners around the world, has tracked two distinct groups conducting targeted digital attacks against members of the Tibetan, Uyghur, Taiwanese, and pro-democracy diasporas, as well as international journalists reporting on issues related to these communities. Many of the attacks we observed began following the “China Targets” reporting by the ICIJ, alongside which the Citizen Lab published a separate research report on digital targeting of Uyghur diaspora organizations. These investigations were initiated by ongoing collaboration and outreach, with both journalists and diaspora community members involved in the reporting.
Based on victimology, prior reporting on the same infrastructure, and technical artefacts of the infrastructure used in these attacks, we assess with high confidence that they were carried out at the request of the Chinese government. These digital attacks highlight the systemic nature of the CCP’s targeting of exile and diaspora communities and demonstrate the lengths to which it will go to control information in support of its ongoing transnational repression campaigns.
The first group we tracked, which we refer to as GLITTER CARP, conducts phishing attacks that are relentless and broad in scope, sometimes selecting individuals with only peripheral ties to targeted groups. This modus operandi reflects an actor with substantial resources, seemingly unconstrained by the fear of discovery or consequences, and with a clear prioritization of impact over concealment. This is typical of China-based digital targeting. This group has also been observed by security vendor Proofpoint targeting completely unrelated entities, including the Taiwanese semiconductor industry, leading us to assess that this group may be part of the contractor ecosystem and operating based on a series of different, unrelated contracts.
We refer to the second group as SEQUIN CARP. This group also employs phishing attacks, but we observed it specifically targeting journalists and, in some cases, relying on highly developed personas based on real individuals. Compared to the first group, we observed substantially greater effort devoted to the social engineering aspects of these attacks than to their technical execution, with frequent operational mistakes and inability to pivot to different attack vectors when initial attempts faced complications. The table below outlines the key differences between the two groups and explains why we track them as distinct entities, despite overlap in their targeting.
[….]
Attribution
Our analysis of the GLITTER CARP and SEQUIN CARP attacks shows that digital transnational repression increasingly operates through a distributed network of actors. Research from leaks, government indictments, and other security researchers indicates that this distributed network increasingly includes private contractors acting on behalf of state authorities. We conclude with a high level of confidence that both actors are affiliated with the Chinese government. Firstly, the targets we identified in both GLITTER CARP and SEQUIN CARP align with the intelligence priorities of the Chinese government. In both cases we observed the use of simplified Chinese: on the icjiorg[.]org domain used in some of GLITTER CARP’s attacks and in the SEQUIN CARP X accounts of Hans Witting and Bin Bai. Simplified Chinese is almost exclusively used in mainland China, further indicating that both actors are of Chinese origin. Additionally, in SEQUIN CARP the attackers co-opted a story specifically of Chinese interest and utilized a legitimate Chinese service used to send push notifications in their OAuth attacks. This conclusion is further supported by previous reporting from Proofpoint, Volexity, and TrendMicro, whose findings likewise pointed to operations originating from a Chinese entity.
The breadth of targeting documented in this report and by others, combined with the available information on China’s past and current use of contractors which mirrors the activity we have observed, suggests with a medium level of confidence that commercial entities hired by the Chinese state may have been behind both clusters of activity described here. In the case of GLITTER CARP, the overlap in infrastructure targeting diaspora members, journalists, and Proofpoint’s observed targeting of the Taiwanese semiconductor industry suggests there are multiple contracts being executed by a single group. The variety of victimology is inconsistent with the work of government operations, who generally work within smaller target pools and focus on targets directly aligned with the Five Year Plan. The SEQUIN CARP attackers repeatedly employed OAuth attacks, even when given the opportunity to employ a different exploit, suggesting they have a limited attack pool to pull from. The limited attack pool suggests that the attackers are working within a constrained budget, which is inconsistent with the budgets of Chinese government and military entities. We acknowledge that while the targeting is consistent with Chinese state interests, it is less likely that a state entity would focus on such a wide variety of targeting in a single operation and would be unable to pivot to different exploits when their first attempt is not successful.
Conclusion
Digital transnational repression remains a method of choice for governments seeking to silence criticism and dissent across borders. These governments use targeted surveillance, malware attacks, coordinated harassment, and information manipulation to control and disrupt the communications of exile and diaspora communities. The Chinese government has been a prolific perpetrator of digital transnational repression for more than two decades. To target diasporas and ethnic minorities overseas, Chinese authorities and threat actors operating in alignment with Beijing’s interests have infected computer systems, deployed spyware to hack smartphones, and implanted malicious code in popular applications. The Citizen Lab’s research has repeatedly shown that digital transnational repression can have severe impacts on targeted individuals and communities, ranging from psychological harm and emotional distress to heightened distrust, social isolation, and self-censorship.
In this investigation, we have examined two wide-ranging phishing campaigns relying on impersonation and other forms of social engineering to gain access to the email accounts of Uyghur, Tibetan, Taiwanese, and Hong Kong diaspora activists, as well as journalists reporting on activities related to these groups. The activities examined in this report are remarkable for two reasons: the targeting of international journalists who report on China’s repressive practices and the likely outsourcing of these operations to private contractors.
Transnational repression typically aims to extend a government’s domestic political controls beyond its borders. It operates along national ties, targeting individuals and communities based on their citizenship, ethnic background, or descent as if they were still on home soil. Activists, human rights defenders, and other perceived opponents who challenge their origin state’s interests from abroad are at particular risk. By targeting a network of international journalists whose reporting exposes China’s global practice of repression, the attacks described in this report expand beyond the usual targets–persecuted diaspora groups–to include their allies who work for greater transparency and accountability. These attacks, along with others against human rights organizations, parliamentarians, and lawyers in other countries, reveal how China seeks to control the narrative and silence global criticism of its human rights record.
The outsourcing of digital transnational repression operations creates a profit-driven, competitive marketplace that enables malicious operations to scale up at reduced cost, helping to explain the wide range of targets seen across reporting, ranging from diaspora activists to the Taiwanese semiconductor industry. The expansion of these contractor arrangements, combined with automated harassment and AI-assisted targeting, risks increasing both the sheer number and sophistication of threats against civil society.
Digital transnational repression against diasporas and their allies likely constitutes just a fraction of this ecosystem’s broader espionage, hacking, and interference activities. Our investigation also revealed several errors in the attackers’ procedures, a sign of volume-driven operations prioritizing speed and quantity over precision. However, for civil society targets, the consequences of this industrialization are still severe. At-risk groups must contend with a constant stream of potential attacks, forcing them to remain permanently vigilant and diverting critical attention and resources toward digital security. Moreover, the use of impersonation and social engineering undermines the trust and communication networks essential for transnational civil society activism and investigative reporting. Finally, the outsourcing of repressive capabilities provides state actors with plausible deniability, making attribution and accountability even more difficult to achieve.
Countering this evolving threat landscape and protecting at-risk groups against digital transnational repression will require coordinated action. Diaspora organizations should consistently report incidents and build peer-support systems, while getting access to digital security support and rapid-response networks. Civil society and digital security practitioners, including those in the private sector, should investigate and document digital attacks and share threat intelligence across communities. Governments in countries where targeted exiles and diaspora groups reside should provide funding and resources for digital security while using diplomatic pressure, targeted sanctions, and criminal prosecution to increase the costs for perpetrators, including private contractors who enable these operations. Governments in like-minded democracies also need to strengthen coordination among national cybersecurity institutions to detect and raise public awareness of emerging threats against civil society.
Posted by IHateTrains123
1 Comment
This report compiled by the UofT’s Citizen Lab, in collaboration with the ICIJ, shows two distinct private groups, almost certainly affiliated with the Chinese government, targeting various diaspora activists and journalists. These two groups in the report are titled Glitter Carp and Sequin Carp, with the former targeting a wide range of targets such as activists and journalists, while the latter was squarely aimed at journalists. The major change documented in this article is how the Chinese government has increasingly relied on private contractors to wage their campaign of digital transnational repression. Key findings will be posted below:
# GLITTER CARP
* Since April 2025, we have observed a wide-ranging campaign of phishing emails and digital impersonation targeting Uyghur, Tibetan, Taiwanese, and Hong Kong diaspora activists, as well as journalists reporting on issues related to these groups.
* The actor employs well-thought-out digital impersonation schemes in phishing emails, including impersonation of known individuals and tech company security alerts.
* Although the targeted groups vary, this activity employs the same infrastructure and tactics across all cases, frequently reusing the same domains and same impersonated individuals across multiple targets.
* This infrastructure and activity have also been documented by the cybersecurity company [Proofpoint](https://www.proofpoint.com/us/blog/threat-insight/phish-china-aligned-espionage-actors-ramp-up-taiwan-semiconductor-targeting), which observed targeting of other entities aligned with the interests of the Chinese government.
* We assess that the group behind this activity likely focuses exclusively on initial access to email-based accounts. This tactic may indicate a specific contract within China’s Military-Civil Fusion system that leverages civilian contractors, with other groups perpetuating DTR such as targeted surveillance, device compromise, and coordinated harassment campaigns.
# SEQUIN CARP
* Since June 2025, we have observed a phishing campaign targeting journalists who report on the transnational repression practices of the Chinese Communist Party (CCP), particularly those involved in ICIJ’s “[China Targets](https://www.icij.org/tags/china-targets/)” investigation.
* This phishing campaign leverages co-opted narratives and well-developed personas designed to capture the interest of journalists working on China-related topics; however, the actors frequently make operational mistakes.
* The attackers attempt to gain persistent access to email accounts by socially engineering the target into granting access to a third-party OAuth token, abusing legitimate system functionality for malicious purposes.
* This campaign is consistent with a broader, systematic effort by the Chinese government to surveil and intimidate overseas diaspora communities and journalists who seek to raise awareness of and bring transparency to the Chinese state’s repressive practices.
!ping Extremism&Foreign-policy