A threat actor aimed to infect mobile phones belonging to senior members of Tibetan groups, including people who worked directly for the Dalai Lama and lawmakers in Tibet's parliament. The threat actor posed as a human rights worker or journalist and contacted victims through WhatsApp. The campaign involved Android browser vulnerabilities and Android and iOS spyware. The tools appeared in similar attacks, discovered in September, carried out against China's Uighur population.