Unknown hackers targeted leaders of the exiled Uyghur community last month using Windows spyware, researchers disclosed on Monday.
Citizen Lab, a digital rights research group at the University of Toronto, detailed the espionage campaign. The attack focused on members of the World Uyghur Congress (WUC), an organization representing the Muslim-minority group. For years, Uyghurs have faced surveillance, repression, discrimination, and frequent hacking attempts linked to China’s government.
Google first alerted some WUC members about the hacking activity in mid-March. Following the warnings, the members contacted journalists and Citizen Lab researchers, who then launched a full investigation, according to the report.
Citizen Lab found that the attackers used a phishing email tactic. The hackers impersonated a trusted contact and sent a Google Drive link. The link contained a password-protected compressed file, which held a malicious version of a Uyghur-language text editor.
Although the malware campaign did not use zero-day exploits or advanced mercenary spyware, Citizen Lab highlighted the attackers’ strong social engineering skills. The researchers noted that the hackers demonstrated a deep understanding of the Uyghur community’s habits and communication methods.
Despite the lack of technical sophistication, the campaign’s focus on building trust before delivering malware made it highly effective.
Citizen Lab’s report underscores the continued digital threats facing Uyghur activists, even while living in exile.
