Hackers Using Fake Foundations to Target Uyghur Minority in China
2021-05-27 03:13

The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems.

The Uyghurs are a Turkic ethnic minority group originating from Central and East Asia and are recognized as native to the Xinjiang Uyghur Autonomous Region in Northwest China.

Earlier this March, Facebook disclosed that it disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices, attributing the "persistent operation" to a China-based threat actor known as Evil Eye.

In an alternative infection vector observed by the researchers, a fake human rights foundation called the "Turkic Culture and Heritage Foundation" - with its content copied from George Soros-founded Open Society Foundations - was used as bait to download a .NET backdoor that purports to be a security scanner, only to connect to a remote server and transmit the gathered data, which includes system metadata and a list of installed apps and running processes.

Unsurprisingly, the attackers behind the campaign remain active and continue to evolve their infrastructure, with the group registering two new domains in 2021, both of which redirect to the website of a Malaysian government body called the "Terengganu Islamic Foundation," suggesting the threat actor may have set its sights on targets in Malaysia and Turkey.

"The attacks are designed to fingerprint infected devices ... [and] from what we can tell, these attacks are ongoing, and new infrastructure is being created for what looks like future attacks."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/uzzaDEG6cEg/hackers-using-fake-foundations-to.html