“China is expanding their digital surveillance outside their borders,” he said. “It seems like it really is going after the diaspora.”

Another group of researchers, at the Citizen Lab at the Munk School of Global Affairs & Public Policy at the University of Toronto, recently uncovered an overlapping effort, using some of the same code discovered by Google and Volexity. It attacked the iPhones and Android phones of Tibetans until as recently as May.

Using WhatsApp messages, Chinese hackers posing as New York Times reporters and representatives of Amnesty International and other organizations targeted the private office of the Dalai Lama, members of the Tibetan Parliament and Tibetan nongovernmental organizations, among others.

Lobsang Gyatso, the secretary of TibCERT, an organization that works with Tibetan organizations on cybersecurity threats, said in an interview that the recent attacks were a notable escalation from previous Chinese surveillance attempts.

For a decade, Chinese hackers blasted Tibetans with emails containing malicious attachments, Mr. Lobsang said. If they hacked one person’s computer, they hit everyone in the victim’s address books, casting as wide a net as possible. But in the last three years, Mr. Lobsang said, there has been a big shift.

“The recent targeting was something we haven’t seen in the community before,” he said. “It was a huge shift in resources. They were targeting mobile phones, and there was a lot more reconnaissance involved. They had private phone numbers of individuals, even those that were not online. They knew who they were, where their offices were located, what they did.”