Malware originating in China targeting Uyghur activists an attempt to control Uyghur sources of information about East Turkestan
For immediate release
July 03, 2012, 12:05 pm EST
Contact: Uyghur American Association +1 (202) 478 1920
Security researchers at Kaspersky Lab recently announced a Mac-based Trojan originating in China has targeted Uyghur activists in an attempt to collect information about Uyghur activities conducted overseas. The Uyghur American Association (UAA), which is a frequent target of virus emails, believes the surveillance of Uyghur organizations outside of China is part of an effort to silence a Uyghur narrative of conditions in East Turkestan that contradicts official versions.
Western media reported that Kaspersky researchers uncovered an email campaign containing the Trojan on June 27, 2012, which was described as “highly targeted.” According to a July 2, 2012 article on the Help Net Security website, once the application is executed “it installs itself and contacts a C&C [command and control] server located on an IP address in China. The backdoor then allows the attackers to list files, extract and send them to the remote server and, in general, to run a number of commands on the affected machine.”
UAA President Alim Seytoff stated, “China has for a very long time been able to control how news in East Turkestan is reported. Often when there is a serious incident in the region, the only details that emerge are from the official media.”
“As we approach the third anniversary of the July 5 unrest in Urumchi, we should be mindful of the extent to which the Chinese government is concerned about its ability to control information. The 10-month Internet blackout that followed the bloodshed in Urumchi and the harsh jailing of Uyghur webmasters should leave no one in two minds about the price of telling the truth in East Turkestan.”
“The latest news of attacks on Uyghur organizations overseas illustrates that China now wants focus on how Uyghurs outside of China are exposing conditions in East Turkestan. The impunity with which the Chinese believe they can act is breathtaking.”
Chinese cyber espionage focused on human rights groups, technology companies, government entities and militaries outside of China is well documented. Tibetan activists have frequently been targets of Chinese malware and a May 2012 U.S. Department of Defense report described Chinese cyber espionage as one of “the world’s most active and persistent.” The report also detailed how most cyberattacks on U.S. military computers stem from China.
At the release of a March 2012 U.S.-China Economic and Security Review Commission report on Chinese cyber espionage, Chairman Dennis Shea said, “The United States suffers from continual cyber-operations sanctioned or tolerated by the Chinese government.” Commissioner Michael Wessel added, “It’s getting harder and harder for China’s leaders to claim ignorance and innocence as to the massive electronic reconnaissance and cyber intrusions activities directed by Chinese interests at the U.S. government and our private sector.”
The websites of the Uyghur American Association, the Uyghur Human Rights Project, the World Uyghur Congress and the International Uyghur Human Rights and Democracy Foundation are regularly hacked and staff at these organizations report receiving virus laden emails in their inboxes on a daily basis. Uyghurs living overseas have not only been targeted online, but have also described intimidation by Chinese authorities amounting to a campaign that aims to gather information or silence dissent. Uyghurs in Australia, Sweden, Germany, Pakistan and the United States have all been targeted. In many cases, Uyghurs were coerced into reporting on the activities of Uyghur activists and organizations. The Chinese State Security Bureau told U.S.-based Uyghur businessman Parhat Yasin that his children would be released from house arrest if he cooperated.
See also: