In March 2025, a targeted spear-phishing campaign emerged against senior members of the World Uyghur Congress using malware embedded in UyghurEdit++, an open-source tool for the Uyghur language. Despite the malware's simplicity, its customized delivery and deep understanding of the target audience showed advanced planning. Initiated around May 2024, the campaign was revealed after Google sent out warnings of government-backed attacks. The compromised software not only profiles machines but also enables further exploitation, highlighting ongoing digital repression targeting the Uyghur community, likely orchestrated by Chinese state actors.
"Although the malware itself was not particularly advanced, the delivery of the malware was extremely well customized to reach the target population..."
"Some of these alerts were sent on March 5, 2025, which led to the investigation of the campaign by Citizen Lab..."
Collection
[
|
...
]