CyberSecurity news
info@thehackernews.com (The Hacker News)
A new report from Citizen Lab has uncovered a spearphishing campaign targeting senior members of the World Uyghur Congress (WUC) living in exile. The attackers utilized a trojanized version of UyghurEditPP, a legitimate open-source text editor designed to support the Uyghur language, to deliver Windows-based malware. This campaign highlights the concerning trend of digital transnational repression, where software intended to empower repressed communities is instead weaponized against them. The method involved impersonating a known contact from a partner organization of the WUC to deliver a Google Drive link containing the malicious file.
Once the infected UyghurEditPP was executed, a hidden backdoor would silently gather system information, including the machine name, username, IP address, and operating system version. This data was then transmitted to a remote command-and-control (C2) server, allowing the attackers to perform various malicious actions, such as downloading files or uploading additional malicious plugins. Citizen Lab researchers noted that the attackers displayed a deep understanding of the target community, using culturally significant Uyghur and Turkic language terms in the C2 infrastructure to avoid raising suspicion.
Researchers believe that state-aligned actors are behind this campaign, reflecting a broader pattern of Chinese government actors targeting the Uyghur community. While the malware itself wasn't particularly advanced, the campaign showcased a high level of social engineering. The discovery emphasizes the ongoing threats faced by the Uyghur diaspora and the need for increased vigilance against digital surveillance and hacking attempts. This incident adds to the growing evidence of digital transnational repression, where governments use digital technologies to surveil, intimidate, and silence exiled communities.
References:
- The Citizen Lab: Weaponized Words: Uyghur Language Software Hijacked to Deliver Malware
- securityonline.info: Weaponized Uyghur Language Software: Citizen Lab Uncovers Targeted Malware Campaign
- techcrunch.com: Citizen Lab says exiled Uyghur leaders targeted with Windows spyware
- securityonline.info: Researchers at Citizen Lab have exposed a spearphishing campaign targeting senior members of the
- The Hacker News: Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool
- thecyberexpress.com: Text Editor Used in Targeted Uyghur Spying
- The Register - Software: Open source text editor poisoned with malware to target Uyghur users
- Security Risk Advisors: State-aligned actors trojanized UyghurEdit++ to target diaspora via phishing. Backdoor exfiltrates system data and downloads plugins. #Uyghur #ThreatIntel
- citizenlab.ca: 🚩 Trojanized UyghurEdit++ Text Editor Used to Target Uyghur Diaspora With Windows Surveillance Malware
- The Cyber Express: Trojanized Text Editor Software Used in Targeted Uyghur Spy Campaign
- hackread.com: China-linked hackers targeted Uyghur activists using a Trojanized UyghurEditPP app in a spear-phishing campaign, Citizen Lab researchers reveal.…
- www.scworld.com: Uyghur leaders subjected to malware attack
Classification:
- HashTags: #Uyghur #Malware #China
- Company: China
- Target: Uyghur activists
- Attacker: China-linked
- Product: UyghurEdit++
- Type: Espionage
- Severity: Major