Cyber Espionage Campaign Targets Uyghur Exiles with Trojanized Language Software
gbhackers
A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest Uyghur diaspora organization, using a weaponized version of UyghurEditPP, a trusted open-source Uyghur language text editor.
This incident exemplifies the technical evolution of digital transnational repression and the exploitation of cultural software by state-aligned threat actors, likely linked to the Chinese government.
Infection Chain: Social Engineering Meets Technical Subterfuge
The attack began with a spearphishing email, impersonating a partner organization and referencing Ramadan to build trust.
The email urged WUC members to download and test UyghurEditPP via a Google Drive link. The archive contained a trojanized version of the legitimate software, which, once executed, performed expected text editing functions but also installed a backdoor component named “GheyretDetector.exe”.
This backdoor exploited the trust placed in community-developed tools, a tactic made more effective by the scarcity of Uyghur-language software due to cultural suppression in China.
The malware’s ...
Copyright of this story solely belongs to gbhackers.