216.73.216.170

Uyghur Diaspora Group Targeted with Remote Surveillance Malware

· Published 28/04/2025 17:09 · Modified 28/04/2025 19:20

Export JSON

Essential information

Published
28/04/2025 17:09
Modified
28/04/2025 19:20
Tags
2025-04-28 remote access spear-phishing surveillance trojanized application uyghur uyghureditpp backdoor
Related entities
3 techniques (mitre), 1 malware, 1 others

Description

Senior members of the World Congress (WUC) were targeted by a sophisticated spear phishing campaign aimed at deploying malware. The attack, discovered in March 2025, involved a trojanized version of a legitimate language text editor. The malware enabled remote , collecting system information and allowing file manipulation. The campaign's infrastructure consisted of two distinct command-and-control clusters, with domains impersonating the legitimate tool's developer. While not technically advanced, the operation demonstrated a deep understanding of the community and likely aligns with Chinese government interests. The targeting of exiled representatives highlights the ongoing cyber threats faced by diaspora groups.

External references