Arab Security Consultants

  • Home
  • Courses
    • EC-Council Programs
    • EC-Council iWeek Courses
    • PECB
      • ISO/IEC 27001 Lead Implementer
      • ISO/IEC 27001 Lead Auditor
    • Cyber Book
  • Organized Events
    • Arab Security Conference
    • Arab Security Cyber WarGames
  • Services
    • CodeRed
    • OhPhish
    • Risk Assessment
    • Social Engineering
    • Identity & Access Security
    • Vulnerability Assessment
    • Penetration Testing
  • Training centers
  • EC-Council with ASC
  • News
  • Contact Us
  • Home
  • News
  • Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

by Ayman Hamam / Wednesday, 30 April 2025 / Published in News

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance.

The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur language.

“Although the malware itself was not particularly advanced, the delivery of the malware was extremely well customized to reach the target population and technical artifacts show that activity related to this campaign began in at least May of 2024,” the Citizen Lab said in a Monday report.

The investigation, according to the digital rights research laboratory based at the University of Toronto, was prompted after the targets received notifications from Google warning that their accounts had been at the receiving end of government-backed attacks. Some of these alerts were sent on March 5, 2025.

The email messages impersonated a trusted contact at a partner organization and contained Google Drive links, which, when clicked, would download a password-protected RAR archive.

Present within the archive was a poisoned version of UyghurEdit++ that profiled the compromised Windows system and sent the information to an external server (“tengri.ooguy[.]com”). The C++ spyware also comes with capabilities to download additional malicious plugins and run commands against those components.

The findings are the latest in a series of highly-targeted attacks aimed at the Uyghur diaspora with the goal of conducting digital transnational repression.

It’s not exactly known who was behind the attacks, although the threat actors’ techniques, their “deep understanding of the target community,” and targeting suggest they align with the Chinese government.

“China’s extensive campaign of transnational repression targets Uyghurs both on the basis of their ethnic identity and activities,” the Citizen Labs said.

“The goal of the surveillance of Uyghurs in the diaspora is to control their ties to the homeland and the cross-border flow of information on the human rights situation in the region, as well as any influence on global public opinion about the Chinese state’s policies in Xinjiang.”

  • Tweet
Tagged under: Arab Security Consultants, ASC, C++ spyware., Citizen Lab, cyber attacks, Cyber espionage, digital repression, malware campaign, spear-phishing, State-Sponsored Attacks, transnational repression, Uyghur surveillance, UyghurEdit++

What you can read next

Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns
Persistent Cyber Campaign “Stayin’ Alive” Targets High-Profile Asian Government and Telecom Entities
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Home
  • Contact Us
  • Services
  • Training Centers
  • GET SOCIAL

Arab Security Consultants | Copyright © 2023 All rights reserved.

TOP