Uyghurs victims of massive spying on their smartphones

A lengthy investigation by cybersecurity researchers has uncovered a cyber espionage campaign targeting the oppressed Uyghur community in China. Hackers have been compromising and monitoring smartphones for over seven years.

Uyghurs: oppressed by Beijing, watched by hackers. An important report published on September 22 by security researchers at Check Point Research details a hacking campaign that has targeted this Muslim community for more than seven years. The cyberattack was attributed to the hacker group Scarlet Mimic, already accused of targeting oppressed minorities such as Uyghurs and Tibetans.

Far from being an ordinary phishing operation, the group deceived its victims using lures drawn from the Muslim religion: books, PDF images and audio files. When a target opens one of the attachments, malware is installed that monitors activity on their smartphone. Scarlet Mimic probably reached its victims through highly targeted emails.

The files were written in Arabic or Latin characters, and most of them referred to the resistance against the regime's oppression. One of the attachments, for example, drew on a real person: it was a simple photo of Elqut Alime, the new head of a media outlet created by young Uyghurs in exile in Norway.

These two fake books contained malware. The first is inspired by a book written by the president of the World Uyghur Congress. The second is based on a military program laid out by a leader of Al-Qaeda in Saudi Arabia to describe guerrilla techniques. // Source: Check Point

Full smartphone control

The first cyber espionage attempts started in 2015, but the malware has been modified over the years with the aim of making it undetectable. In the end, around twenty variants of the original malware were developed. The attackers could steal sensitive data, make calls, send SMS messages, track the owner's position in real time and even record phone calls, all without the victim's knowledge. It is impossible to know the total number of people compromised.

Security researchers are generally very reluctant to accuse a state, given the seriousness of such an accusation and the diplomatic consequences that follow. Check Point therefore concludes only that Scarlet Mimic is a politically motivated group, even though all the clues point to the Chinese Communist Party. The regime is trying to extinguish all independence claims by the Uyghurs, having put them in concentration camps since 2014 and even going as far as forced sterilizations. After the Pegasus scandal, this case is just another example of the new surveillance techniques used by political powers.
