Spyware Targets Uyghurs, Tibetans, and Taiwanese Individuals

The National Cyber Security Centre of the UK, alongside international cybersecurity and intelligence organizations, revealed that hackers are employing two types of previously identified spyware to monitor specific groups. These groups include Uyghur, Tibetan, and Taiwanese individuals, as well as civil society organizations. This information stems from a report issued by the Central Tibet Administration (CTA).

The malicious software, identified as MOONSHINE and BADBAZAAR, allows for the infiltration of devices' microphones and cameras. This enables the collection of messages, photos, and location data, facilitating real-time surveillance without the user's knowledge. The CTA report details the capabilities of this spyware.

According to a press release from the NCSC, spyware-infected applications are being used to target individuals and groups globally. These targets are associated with activities perceived as threats to China's stability by the state.

Individuals at high risk include those connected to Taiwan's independence movement, organizations advocating for Tibetan rights, and Uyghur Muslims. Additionally, ethnic minorities from or within China's Xinjiang Uyghur Autonomous Region, democracy advocates, and members of the Falun Gong are also considered vulnerable, as stated in the CTA report.

The hackers utilize applications that mimic popular platforms like WhatsApp and Skype. Other applications are designed as standalone programs to attract potential victims within the targeted communities. Two specific applications, Tibet One and Audio Quran, are available in users' native languages and promoted in online spaces frequented by these communities.

The NCSC reported that the Tibet One app was promoted in Telegram groups and Reddit threads related to the region. Tibet One, an iOS application, was available on the Apple App Store in December 2021 but has since been removed. The NCSC noted that "malicious actors" designed the app to infect users' devices with BADBAZAAR spyware, according to the CTA report.

The Audio Quran app uses MOONSHINE spyware to surveil Uyghurs. It builds trust by incorporating the Uyghur language in its file name and presenting itself as containing content related to the Quran, the primary religious text of Islam, according to the NCSC.

Taiwan has never been under China's control, but Beijing has expressed its desire to unify the island with the mainland, considering military action to achieve this goal. The Uyghurs are a Muslim minority within China. Reports indicate that the Chinese government has detained over a million Uyghurs in reeducation camps for nearly a decade, as noted by the CTA.