Uyghur Diaspora Group Targeted with Remote Surveillance Malware
Essential information
- Published
- 28/04/2025 17:09
- Modified
- 28/04/2025 19:20
- Tags
- 2025-04-28 remote access spear-phishing surveillance trojanized application uyghur uyghureditpp backdoor
- Related entities
- 3 techniques (mitre), 1 malware, 1 others
Description
Senior members of the World Uyghur Congress (WUC) were targeted by a sophisticated spear phishing campaign aimed at deploying surveillance malware. The attack, discovered in March 2025, involved a trojanized version of a legitimate Uyghur language text editor. The malware enabled remote surveillance, collecting system information and allowing file manipulation. The campaign's infrastructure consisted of two distinct command-and-control clusters, with domains impersonating the legitimate tool's developer. While not technically advanced, the operation demonstrated a deep understanding of the Uyghur community and likely aligns with Chinese government interests. The targeting of exiled Uyghur representatives highlights the ongoing cyber threats faced by diaspora groups.