Information security giants Check Point and Kaspersky have tracked an ongoing cyberattack against a group of members of the Uyghur minority in China's Xinjiang province as well as in Pakistan, according to a report published by the companies. According to the findings, the victims were sent malware-containing documents that were disguised as being from the U.N. Human Rights Council and from fictitious human rights organizations.
One of those fictitious organizations, called the "Turkic Culture and Heritage Foundation", presented itself through a supposedly grant-awarding website. The investigators discovered that its design was copied almost in full from that of the Open Society Foundation of George Soros. The site asks users to download a program to verify that their operating system is safe before they enter information connected to the grant request. That program is actually malware that, from the moment it is installed, enables the attacker to collect almost any information they want from the computer.
The researchers attributed the attack "with low to medium confidence" to actors in the Chinese cyber sphere, saying that in their opinion the attack targets the Uyghur minority and organizations that support them, claiming "we have not yet seen all the capabilities of this malware." Lotem Finkelsteen, head of threat intelligence at Check Point, said in response to a question by "The Hill" that "We believe that these cyberattacks are motivated by espionage, with the endgame of the operation being the installation of a back door into the computers of high-profile targets in the Uyghur community."
"Uyghur life is now about generating data"
In recent years, people belonging to the persecuted Uyghur minority have experienced many cyberattacks, in attempts to gather as much information about them as possible. Most of the attacks have been attributed to China or to entities acting on its behalf, as part of the widespread and continuing repression of this community that the U.S. has officially called "genocide and crimes against humanity." Beijing has strongly denied the accusations.
In March, Facebook announced that it had discovered and disrupted a network of malicious actors that used its platform in attempts to hack the mobile phones of hundreds of Uyghurs and install surveillance software. The hackers pretended to be human rights activists, journalists and students in order to gain the trust of the victims and make them click on links that led to the downloading of malicious software. Facebook linked the attack to a Chinese group called Evil Eye.
Last week, the BBC reported that a special camera system based on artificial intelligence and facial recognition technologies is now being tested on the Uyghur community in Xinjiang and installed in police stations around the province. Residents of the province are already under constant surveillance, which according to Beijing is essential in an area where separatists interested in an independent Uyghur state have killed hundreds of people in terrorist attacks.
"The Chinese government uses Uyghurs as test subjects for various experiments just like rats are used in laboratories," said an engineer who revealed the existence of the cameras to the BBC's Panorama program, requesting anonymity out of fear for his safety. He added that the camera "is similar to a lie detector but far more advanced technology." Subjects are seated on "restraint chairs" where "your wrists are locked in place by metal restraints, and (the) same applies to your ankles," he said, claiming the software was intended for "pre-judgement without any credible evidence."
Darren Byler from the University of Colorado, who deals with techno-politics of the Uyghur minority, told the BBC that "Uyghur life is now about generating data," adding that residents of Xinjiang have to routinely provide DNA samples to local officials, undergo digital scans and download a government phone app that gathers data including contact lists and text messages. "Everyone knows that the smartphone is something you have to carry with you, and if you don't carry it you can be detained, they know that you're being tracked by it. And they feel like there's no escape."