By Tsering Dhundup
DHARAMSHALA, July 28: The Tibetan Computer Emergency Readiness Team (TibCERT) has uncovered the first known cell-phone network-level cyberattack targeting a high-ranking Tibetan leader in exile. The incident, detailed in a report released on July 28, marks a new and deeply concerning escalation in cyber threats against the Tibetan exile community.
According to the report titled “Cellular Network Attack,” the targeted Tibetan official, whose identity remains undisclosed for security reasons, received multiple alarming messages on March 14, 2025. The messages read “Welcome to China” and warned of high international roaming charges due to lack of network coverage, despite the official being nowhere near the Chinese border.
This unusual activity triggered an in-depth investigation by TibCERT, which ruled out common causes such as SIM card cloning, mobile phone hacking, or telecom service errors. Experts concluded that the messages were part of a sophisticated cellular network-level attack. The attackers appeared to manipulate signalling protocols and used tools such as IMSI catchers, IPX operators, and HLR queries, methods capable of intercepting location data, tracking movements, and possibly monitoring calls and messages.
The report suggests that the attack was politically motivated and possibly orchestrated by the Chinese government. Notably, it occurred shortly after the release of Voice for the Voiceless, the memoir of His Holiness the 14th Dalai Lama, a book that reaffirmed his lifelong advocacy for human rights and Tibetan autonomy.
The targeted official is known for publicly challenging Chinese narratives on Tibet through opinion pieces and advocacy efforts. Cybersecurity experts believe the attack aimed to intimidate and surveil Tibetan leaders in exile and discourage further activism.
While China has a long track record of cyberattacks against Tibetan institutions and individuals, mainly involving malware and phishing, this marks the first confirmed attack via mobile network infrastructure, raising alarms within the global cybersecurity and human rights communities.
In the meantime, TibCERT advises Tibetans and other high-risk groups to take steps to protect themselves. These include changing both their phone and number if they suspect an attack, disabling older network settings like 2G and 3G, using encrypted messaging apps like Signal, avoiding SMS for two-factor authentication, and installing tools to detect spying activity. TibCERT stresses the need for greater awareness of mobile network threats, especially among human rights defenders and political activists.
TibCERT is now collaborating with Indian telecom providers and international cybersecurity experts to strengthen protections and prevent future incidents.
