Poison Carp

Poison Carp, also known as Insomnia, is a threat actor linked to Chinese state-sponsored hacking groups. It has been implicated in various malicious activities, including spyware campaigns against Tibetan minorities. The group's activities were brought to light through analysis of leaked data from iSoon, a Chinese hack-for-hire contractor. Researchers at Recorded Future found documents linking iSoon to Poison Carp, along with other Chinese state hacking groups tracked as RedHotel and RedAlpha. In 2019, the digital rights organization Citizen Lab attributed an attack to Poison Carp. This was based on evidence that included shared IP addresses and references to an Android remote access Trojan previously linked to the group. An IP address found in the iSoon leak was identified as hosting a phishing site used against Tibetans in a hacking campaign in 2019. At the time, Citizen Lab researchers named the hacking group "Poison Carp." The findings suggest that Poison Carp operates alongside RedHotel, RedAlpha, and other Chinese state-sponsored groups, indicating a complex and interconnected landscape of cyber threats. The group's past activities and its association with other high-profile threat actors underscore the significant risk it poses to cybersecurity. Its connection to state-sponsored activities further highlights the geopolitical implications of its operations.