Seeing Red

Scarlet Mimic is a series of sophisticated cyber espionage attacks which targeted Uyghur and Tibetan activists, their supporters, and entities that collect information on such groups.

The attacks, which date back to 2009, have evolved over the past six years to compromise users of Windows, Mac OS, and Android devices, meaning the actors are likely quite sophisticated and powerful.

The Scarlet Mimic attackers compromised their targets primarily through spear-phishing: sending email messages with relevant subject lines and malware--infected decoy files--to individuals who had contact information readily available on the Internet. Once opened, the attackers leveraged known, but modified, exploits to compromise target networks.

Although the attacks specifically targeted Uyghur and Tibetan advocacy, it is highly possible that this group may attack organizations of all kinds.

ThreatSTOP customers are protected against Scarlet Mimic attacks. The ThreatSTOP service deflects spear phishing attacks, so employees never receive the email with infected files, thus removing the human factor.