CVE Database Threat Actors Research API Docs

Visit Strobes.co Sign Up for Strobes

CVE Database Threat Actors Research API Docs

Tools

Visit Strobes.co Sign Up for Strobes

Do you like the insights?

Strobes vulnerability intelligence is a key component of their Exposure Management platform that helps organizations understand, prioritize, and address security vulnerabilities more effectively.

© 2026 Strobes Security. All rights reserved.

POISON CARP - Threat Actor Profile & Exploited CVEs | Strobes VI | Strobes VI

Home Threat ActorsPOISON CARP

POISON CARP

Also known as: Earth Empusa, Red Dev 16, Evil Eye

0

Exploited CVEs

Overview

Between November 2018 and May 2019, senior members of Tibetan groups received malicious links in individually tailored WhatsApp text exchanges with operators posing as NGO workers, journalists, and other fake personas. The links led to code designed to exploit web browser vulnerabilities to install spyware on iOS and Android devices, and in some cases to OAuth phishing pages. This campaign was carried out by what appears to be a single operator that we call POISON CARP.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database

Quick Actions

Search related CVEs Browse all threat actors