Chinese-speaking hackers are masquerading as the United Nations in ongoing cyber-attacks against Uyghurs, according to the cybersecurity firms Check Point and Kaspersky.
Researchers identified an attack in which hackers posing as the UN Human Rights Council send a document detailing human rights violations to Uyghur individuals. It is in fact a malicious Microsoft Word file that, once downloaded, fetches malware: the likely goal, say the two companies, is to trick high-profile Uyghurs inside China and Pakistan into opening a back door to their computers.
“We believe that these cyber-attacks are motivated by espionage, with the endgame of the operation being the installation of a back door into the computers of high-profile targets in the Uyghur community,” said Lotem Finkelstein, head of threat intelligence at Check Point, in a statement. “The attacks are designed to fingerprint infected devices, including all of [their] running programs. From what we can tell, these attacks are ongoing, and new infrastructure is being created for what look like future attacks.”
Hacking is a frequently used weapon in Beijing’s arsenal, and particularly in its ongoing genocide against Ugyhurs, which uses cutting-edge surveillance both in the real world and online. Recent reporting by MIT Technology Review shed new light on another sophisticated hacking campaign that targeted members of the Muslim minority.
In addition to pretending to be from the United Nations, the hackers also built a fake human rights organization called the “Turkic Culture and Heritage Foundation,” according to the report. The group’s fake website offers grants—but in fact, anybody who attempts to apply for a grant is prompted to download a false “security scanner” that is in fact a back door into the target’s computer, the researchers explained.
“The attackers behind these cyber-attacks send malicious documents under the guise of the United Nations and fake human rights foundations to their targets, tricking them into installing a backdoor to the Microsoft Windows software running on their computers,” the researchers wrote. This allows the attackers to collect basic information they seek from the victim’s computer, as well as running more malware on the machine with the potential to do more damage. The researchers say they haven’t yet seen all the capabilities of this malware.
The code found in these attacks couldn’t be matched to an exact known hacking group, said the researchers, but it was found to be identical to code found on multiple Chinese-language hacking forums and may have been copied directly from there.