China using two new surveillance campaigns to target Uyghurs: Report
New Delhi, Nov 14: Two new surveillance campaigns that are targeting Uyghurs in China have been uncovered by cybersecurity researchers. They include messaging services, prayer time apps and dictionaries, according to the Lookout report citing its Threat Lab.
The two new campaigns are named as BadBazaar and MOONSHINE. The other employs a previously disclosed took MOONSHINE which was discovered by Citizen Lab and observed targeting Tibetan activists in 2019.
While such a surveillance campaign against the Uyghurs has been on for long, it was highlighted when the United Nations Human Rights Commissioner, Michelle Bachelet released her report in August. She said that China had committed serious human rights violations against the Uyghur and other predominantly Muslim communities in Xinjiang Uyghur Autonomous region.
The report said that violations have taken place the context of Chinese government's assertion that it is targeting terrorists among the Uyghur minority with a counter-extremism strategy. This involves the use of so-called Vocational Educational and Training Centres or re-education camps.
In October 50 countries submitted a joint statement to the UN General Assembly condemning the Chinese government's oppression of Uyghurs and other Turkic peoples in East Turkistan.
Mobile surveillance tools like BadBazaar and MOONSHINE can be used to track many of the "pre-criminal" activities, actions considered indicative of religious extremism or separatism by the authorities in Xinjiang. Some activities that may result in a user being detained include using a VPN, communicating with practicing Muslims abroad, using religious apps, and using certain messaging apps like WhatsApp that are popular outside of China, the report reads.
BadBazaar and these new variants of MOONSHINE add to the already extensive collection of unique surveillance ware used in campaigns to surveil and subsequently detain individuals in China. Their continued development prevalence on Uyghur-language social media platforms indicates that ate these campaigns are ongoing and that the threat actors have successfully infiltrated online Uyghur communities to distribute their malware.
The campaign appears to primarily target Uyghurs in China. However, we found evidence of broader targeting of Muslims and Uyghurs outside of Xinjiang. Specifically, several of the samples we analyzed masqueraded as mapping apps for other countries with significant Muslim populations, like Turkey or Afghanistan. We also found that a small subset of apps was submitted to the Google Play store, indicating that the threat actor was interested in targeting Android device users outside of China, if possible. To the best of our knowledge, the apps described in this article were never distributed through Google Play, an ANI report citing the latest report added.