In a new campaign detected in March 2025, senior members of the World Uyghur Conference (WUC) living in exile are targeted by Windows-based malware that can carry out surveillance.
The Spear-Phishing campaign included the use of a troilerized version of a legitimate open source word processing and spell checking tool called Uyghuredit++, developed to support the use of the Uyghur language.
“While there has been no particular advancement in the malware itself, malware delivery has been highly customized to reach target populations, indicating that activities related to this campaign began at least in May 2024,” the Civic Research Institute said in a report Monday.
The investigation was prompted after receiving notification from Google’s warning that the target was on the receiver of government-sponsored attacks, according to the University of Toronto-based Institute for Digital Rights Research. Some of these alerts were sent on March 5th, 2025.
The email message was a spoofing a trusted contact in the partner organization and included a Google Drive link. Click to download a password-protected RAR archive.
Residing in the archive was an addictive version of uyghuredit++ that profiled the compromised Windows system and sent the information to an external server (“tengri.ooguy(.)com”). C++ spyware also has the ability to download additional malicious plugins for those components and execute commands.
The findings are the latest in a series of advanced target attacks targeting the Uyghur diaspora with the aim of implementing digital cross-border oppression.
Threatening actor techniques, a “deep understanding of the target community,” and suggest that the target is consistent with the Chinese government, but it is not known exactly who was behind the attack.
“China’s broad campaign of cross-border oppression targets Uyghur based on ethnic identity and activity,” the Civic Research Institute said.
“The goal of Uyghur surveillance in the diaspora is to control the relationship with their hometowns, the cross-border flow of information on the local human rights situation, and the impact on global public opinion regarding Chinese state policies in the New Jiang.”
