This article details two Chinese state-backed phishing campaigns, GLITTER CARP and SEQUIN CARP, targeting journalists and activists via social engineering methods like spoofed identities and fake security alerts. The campaigns primarily use spear-phishing emails and messaging platforms like WhatsApp to harvest credentials and enable further intrusions. The report highlights these operations as a cost-effective method for transnational repression, providing the threat actors with a layer of plausible deniability.
Phishing , Threat Intelligence Report sheds light on Chinese phishing campaigns against journalists, activists April 30, 2026 Share By SC Staff (Adobe Stock) Chinese state-backed freelance hackers have launched a pair of phishing campaigns aimed at journalists and opposition activists in Taiwan, Hong Kong, Tibet, and China's Uyghur region in a span of nine months, according to The Record , a news site by cybersecurity firm Recorded Future. First of the campaigns was GLITTER CARP, which involved the targeting and spoofing of International Consortium of Investigative Journalists members, a report from the Citizen Lab and the ICIJ revealed. Uyghur Canadian activist Mehmet Tohti, who was one of those targeted by the campaign, reported receiving a WhatsApp message claiming to be from a famous Uyghur filmmaker who sought to obtain his email address. While Tohti did not provide his Google credentials upon clicking a link included in the supposed filmmaker's email, he was sent a fake Chinese-language Google security alert. On the other hand, the SEQUIN CARP campaign, which entailed more comprehensive social engineering, was aimed at ICIJ journalist Scilla Alecci and other reporters focused on China-related issues. Such operations have allowed China to not only reduce costs for transnational repression intrusions but also obtain a "layer of plausible deniability," said the report. SC Staff Related Phishing Multi-stage DHL phishing campaign examined SC Staff April 30, 2026 HackRead reports that threat actors have spoofed DHL in a new phishing campaign that employed a multi-step attack chain to siphon users' passwords. Phishing Suspected Russian phishing campaign targets German officials via Signal SC Staff April 29, 2026 The campaign targeted high-profile individuals including German politicians, ministers, military personnel, diplomats, and journalists. Threat Intelligence Social media scam-related losses surge, FTC report finds SC Staff April 29, 2026 TechCrunch reports that financial losses linked to social media scams were reported by the U.S. Federal Trade Commission to have increased eightfold over time, exceeding losses attributed to other methods of fraud used by criminals to trick consumers. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting DNS Spoofing Denial of Service Dictionary Attack Distributed Scans Dumpster Diving Hybrid Attack Information Warfare Password Cracking Reconnaissance You can skip this ad in 5 seconds