Uyghur Diaspora Group Targeted with Remote Surveillance Malware

April 28, 2025, 7:20 p.m.

Description

Senior members of the World Uyghur Congress (WUC) were targeted by a sophisticated spear-phishing campaign aimed at deploying surveillance malware. The attack, discovered in March 2025, involved a trojanized version of a legitimate Uyghur language text editor. The malware enabled remote surveillance, collecting system information and allowing file manipulation. The campaign's infrastructure consisted of two distinct command-and-control clusters, with domains impersonating the legitimate tool's developer. While not technically advanced, the operation demonstrated a deep understanding of the Uyghur community and likely aligns with Chinese government interests. The targeting of exiled Uyghur representatives highlights the ongoing cyber threats faced by diaspora groups.

Date

  • Created: April 28, 2025, 5:09 p.m.
  • Published: April 28, 2025, 5:09 p.m.
  • Modified: April 28, 2025, 7:20 p.m.

Attack Patterns

  • UyghurEditPP backdoor

Additional Information

  • China