Weaponized Words: Uyghur Language Software Hijacked to Deliver Malware
Essential information
- Published
- 28/04/2025 04:42
- Modified
- 28/04/2025 08:51
- Tags
- 2025-04-28 diaspora targeting digital transnational repression gheyretdetector backdoor remote surveillance spearphishing trojanized software uyghur uyghureditpp trojan world uyghur congress
- Related entities
- 8 observables, 3 techniques (mitre), 2 malware, 3 others
Description
This analysis details a spearphishing campaign targeting senior members of the World Uyghur Congress (WUC) in March 2025. The attackers used a trojanized version of a legitimate Uyghur language text editor to deliver Windows-based malware for remote surveillance. While not technically advanced, the malware delivery was well-customized to reach the Uyghur community. This incident is part of a broader pattern of digital transnational repression against Uyghur diaspora by actors likely aligned with the Chinese government. The malware profiled systems, sent information to remote servers, and could load additional malicious plugins. The campaign demonstrates the ongoing digital threats facing exiled Uyghur communities and the exploitation of software meant to support marginalized cultures.