\n<\/p>\n
In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance.<\/p>\n
The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur language.<\/p>\n
“Although the malware itself was not particularly advanced, the delivery of the malware was extremely well customized to reach the target population and technical artifacts show that activity related to this campaign began in at least May of 2024,” the Citizen Lab said in a Monday report.<\/p>\n
<\/p>\n
The investigation, according to the digital rights research laboratory based at the University of Toronto, was prompted after the targets received notifications from Google warning that their accounts had been at the receiving end of government-backed attacks. Some of these alerts were sent on March 5, 2025.<\/p>\n
The email messages impersonated a trusted contact at a partner organization and contained Google Drive links, which, when clicked, would download a password-protected RAR archive.<\/p>\n
<\/p>\n
Present within the archive was a poisoned version of UyghurEdit++ that profiled the compromised Windows system and sent the information to an external server (“tengri.ooguy[.]com”). The C++ spyware also comes with capabilities to download additional malicious plugins and run commands against those components.<\/p>\n
The findings are the latest in a series of highly-targeted attacks aimed at the Uyghur diaspora with the goal of conducting digital transnational repression. <\/p>\n
<\/p>\n
It’s not exactly known who was behind the attacks, although the threat actors’ techniques, their “deep understanding of the target community,” and targeting suggest they align with the Chinese government.<\/p>\n
“China’s extensive campaign of transnational repression targets Uyghurs both on the basis of their ethnic identity and activities,” the Citizen Labs said.<\/p>\n
“The goal of the surveillance of Uyghurs in the diaspora is to control their ties to the homeland and the cross-border flow of information on the human rights situation in the region, as well as any influence on global public opinion about the Chinese state’s policies in Xinjiang.”<\/p>\n
Found this article interesting? Follow us on Twitter _\uf099_ and LinkedIn to read more exclusive content we post.\n<\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool Update ID THN:754A79F59447A2FB42616CE24CD695D5 Type thn Published 2025-04-29T05:43:00 Last…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,13,33,7,11,43,5],"class_list":["post-2111","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n
Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=2111\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool Update ID THN:754A79F59447A2FB42616CE24CD695D5 Type thn Published 2025-04-29T05:43:00 Last...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=2111\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-29T02:31:40+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2111#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2111\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool\",\"datePublished\":\"2025-04-29T02:31:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2111\"},\"wordCount\":485,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"news\",\"NONE\",\"Security\",\"tapic\",\"thn\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=2111#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2111\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2111\",\"name\":\"Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-04-29T02:31:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2111#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=2111\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2111#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=2111","og_locale":"en_US","og_type":"article","og_title":"Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool - zero redgem","og_description":"Security Update News Update Information Title Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool Update ID THN:754A79F59447A2FB42616CE24CD695D5 Type thn Published 2025-04-29T05:43:00 Last...","og_url":"https:\/\/zero.redgem.net\/?p=2111","og_site_name":"zero redgem","article_published_time":"2025-04-29T02:31:40+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=2111#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=2111"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool","datePublished":"2025-04-29T02:31:40+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=2111"},"wordCount":485,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","news","NONE","Security","tapic","thn","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=2111#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=2111","url":"https:\/\/zero.redgem.net\/?p=2111","name":"Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-04-29T02:31:40+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=2111#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=2111"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=2111#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/2111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2111"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/2111\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}