Malicious Uyghur Text Editor Used in Targeted Attack Against Diaspora Activists

Citizen Lab researchers have uncovered a phishing and supply chain attack aimed at members of the Uyghur community living outside of China, particularly targeting leaders of the World Uyghur Congress (WUC).

The attackers posed as trusted contacts and sent emails containing Google Drive links, which led to a malicious version of UyghurEditPP, an open-source text editor for the Uyghur language.

This version was backdoored with malware capable of collecting device data, uploading it to a command-and-control server, and downloading further malicious components.

The editor’s developer is known to WUC members, which likely increased the attack's credibility. Although the exact source of the attack remains unidentified, Citizen Lab points out that similar methods have previously been attributed to the Chinese government, which seeks to suppress the Uyghur language and culture.

The targeted individuals avoided compromise thanks to Google's phishing alerts and their own caution. Still, the incident demonstrates a sophisticated understanding of the Uyghur diaspora and raises concerns about future, more advanced attacks.

Citizen Lab warns that such efforts not only threaten individuals but also undermine the tools meant to preserve the Uyghur identity.
