Uyghur leaders subjected to malware attack

Attacks involving a Windows-based surveillance malware have been launched against multiple senior members of the World Uyghur Congress as part of a new spear-phishing campaign discovered in early March, The Hacker News reports. Suspected Chinese state-backed threat actors impersonated a contact at one of the WUC's partner organizations in emails with Google Drive links that facilitated the download of a password-protected RAR archive containing a trojanized iteration of the UyghurEdit++ word processing tool, according to a Citizen Lab report. Aside from conducting Windows system profiling, the UyghurEdit++ spyware also facilitated the retrieval of illicit plugins and commands. Uyghurs have long been subjected to highly targeted Chinese attacks. "The goal of the surveillance of Uyghurs in the diaspora is to control their ties to the homeland and the cross-border flow of information on the human rights situation in the region, as well as any influence on global public opinion about the Chinese state's policies in Xinjiang," said Citizen Labs.