Our investigation of a spearphishing campaign that targeted senior members of the World Uyghur Congress in March 2025 reveals a highly-customized attack delivery method. The ruse used by attackers replicates a pattern in which threat actors weaponize software and websites aimed at preserving and supporting marginalized and repressed cultures to target those same communities.

cross-posted from: https://lemmy.sdf.org/post/33521349

Archived

*Key Findings *

  • In March 2025, senior members of the World Uyghur Congress (WUC) living in exile were targeted with a spearphishing campaign aimed at delivering Windows-based malware capable of conducting remote surveillance against its targets.
  • The malware was delivered through a trojanized version of a legitimate open source word processing and spell check tool developed to support the use of the Uyghur language. The tool was originally built by a developer known and trusted by the targeted community.
  • Although the malware itself was not particularly advanced, the delivery of the malware was extremely well customized to reach the target population and technical artifacts show that activity related to this campaign began in at least May of 2024.
  • The ruse employed by the attackers replicates a typical pattern: threat actors likely aligned with the Chinese government have repeatedly instrumentalized software and websites that aim to support marginalized and repressed cultures to digitally target these same communities.
  • This campaign shows the ongoing threats of digital transnational repression facing the Uyghur diaspora. Digital transnational repression arises when governments use digital technologies to surveil, intimidate, and silence exiled and diaspora communities.

[…]

The Uyghur diaspora, alongside Tibetans and, more recently, exiles from Hong Kong, is one of China’s primary targets for transnational repression. In their homeland, the Xinjiang region in northwestern China (which most Uyghurs prefer to call by its historical name East Turkestan), Uyghurs and other Turkic minorities are forced to live under a high-tech police state, built on a sweeping system of mass surveillance, mobility controls, and internment camps, as well as a comprehensive control over their cultural and religious life. Chinese authorities follow individuals even outside China, targeting Uyghurs living in exile or in the diaspora with tactics ranging from physical attacks and extradition requests to digital threats and surveillance. China’s extensive campaign of transnational repression targets Uyghurs both on the basis of their ethnic identity and activities. Diaspora members who engage in human rights advocacy and raise international awareness on China’s suppression of their culture and community draw particular attention from Chinese authorities.

[…]