Unknown attackers targeted exiled Uyghur community leaders in a recent espionage campaign using Windows spyware, digital rights researchers revealed on Monday.
The investigation, conducted by Citizen Lab, a cybersecurity research center based at the University of Toronto, found that members of the World Uyghur Congress (WUC)—an organization advocating for the Uyghur minority facing sustained persecution and surveillance by the Chinese government—were specifically singled out. In mid-March, Google alerted several WUC members that they had been subjected to attempted hacks, prompting them to reach out to researchers and journalists.
Citizen Lab discovered that the attackers employed social engineering through targeted phishing emails, carefully crafted to appear trustworthy. The messages, posing as correspondence from friendly contacts, contained links to password-protected files on Google Drive. These files appeared to offer a legitimate Uyghur-language text editing program but instead secretly installed spyware onto the victims’ Windows computers.
According to researchers, the attacks did not involve sophisticated hacking techniques such as zero-day exploits or commercial-grade spyware. However, the attackers exhibited an intimate understanding of their intended victims and a high proficiency at leveraging personal trust relationships, reflecting a deeper level of familiarity with the Uyghur diaspora’s internal dynamics.