jsr on Nostr: NEW INVESTIGATION: Uyghurs far from China's borders are being targeted. Attackers ...
NEW INVESTIGATION: Uyghurs far from China's borders are being targeted.
Attackers impersonated legit software developers & contacted the targets asking for testing help on a language app.
Then they sent a trojan.
Let's talk about why this was clever.
TECHNICAL SOPHISTICATION? NAH.
Technical sophistication of this attack was...meh.
But that's not where the attackers focused.
INTELLIGENCE-DRIVEN? YAH.
They spent their effort carefully crafting credible bait that matched what they knew about their targets:
Trojanizing a legit Uyghur language app was a clever, cynical move.👇
Many marginalized communities struggle with getting fonts & dictionaries to capture their language.
And developer talent is very welcome.
With a lure that credible you don't need to burn your most sophisticated exploits.
Good news in this case: Gmail spotted & blunted the attacks which were only found when my colleagues worked with vigilant targets to screen for them.
But the theme of China-nexus hacking groups being economical about exposing technical methods (just using minimum necessary stuff) while drawing from (presumably) vast amounts of intelligence and understanding of their targets to craft effective social engineering is something we at the Citizen Lab have tracked for decades.
READ THE FULL REPORT:
By my talented colleagues:
https://citizenlab.ca/2025/04/uyghur-language-software-hijacked-to-deliver-malware/
Published at 2025-04-28 17:37:35