Hasty Briefs

Exiled Uyghur leaders targeted with Windows spyware

a year ago
Tags: #Uyghur-diaspora, #cybersecurity, #China-repression

  • Senior members of the World Uyghur Congress (WUC) were targeted in March 2025 by a spearphishing campaign that delivered Windows-based malware for remote surveillance.
  • The malware was disguised as a legitimate Uyghur-language text editor that was developed by a trusted community member, highlighting the attackers' deep understanding of the target community.
  • The campaign, likely aligned with Chinese government interests, began as early as May 2024 and reflects a pattern of exploiting software that supports repressed cultures to target those communities.
  • Digital transnational repression is a broader practice used by authoritarian states, including China, to surveil, intimidate, and silence exiled and diaspora communities.
  • The Uyghur diaspora faces extensive surveillance and repression, both in China and abroad, with tactics ranging from digital threats to physical harassment and coercion of family members.
  • The WUC, as a key representative body of the Uyghur diaspora, is a frequent target of Chinese state reprisals, including espionage, threats, and digital attacks.
  • The malware used in the campaign was not highly advanced but was well-customized for the target, with capabilities to profile systems, upload/download files, and execute additional commands via plugins.
  • The attack infrastructure included domains with Uyghur cultural significance, further emphasizing the targeted nature of the campaign.
  • The incident underscores the ongoing threats faced by the Uyghur diaspora and the need for host states and the private sector to protect vulnerable communities from digital transnational repression.
  • Recommendations include downloading software from official sources, verifying publishers, and being cautious of domain impersonation to mitigate risks.