Uyghur American Association Targeted with Lookalike Website

Feb 8, 2021 | Blog, Reputation Defense

Likely a Chinese APT Targeting English-speaking Uyghurs Living in the United States

Nisos researchers identified a domain, UighurWorld[.]com, targeting the Uyghur American Association (UAA), which represents the Uyghur population in the United States. UighurWorld[.]com is an exact visual copy of the official UAA organization site, uyghuraa.org, and was unknown to UAA staff prior to being contacted by Nisos. UAA has been notified and is taking action to mitigate the risk of the unaffiliated site.

Civil society organizations dedicated to advocacy work typically operate on very limited budgets. As a result, cybersecurity is often an afterthought, making these organizations easy targets for nation-states. Nisos believes it is important for technology companies to identify and warn of potential threats whenever possible.

We believe the UighurWorld domain may be part of a threat actor campaign, possibly a Chinese Advanced Persistent Threat (APT), intended to obtain personal data of the English-speaking Uyghur population living in the United States. The campaign appears to focus on those who run and support organizations advocating for Uyghur rights, with the intent of collecting intelligence on members and/or visitors to these sites for the purpose of surveillance.

We arrived at our preliminary findings based on a combination of several characteristics of the activity, including victim selection, capabilities, intent, language, domain schemas, and potential association with known APT infrastructure, such as domain imitation, as well as ASNs used previously by Chinese APTs and manipulated JavaScript code. The UAA user base fits the profile of Uyghur organizations known to have been targeted by Poison Carp and Evil Eye. In addition, Google Project Zero, Citizen Lab, Lookout, and Volexity have reported hacking campaigns targeting Uyghur activists and organizations.

Further analysis is required to determine the goals and objectives of the campaign associated with the lookalike website. Potential visitors should be warned that UighurWorld[.]com is a visual copy of the official UAA organization site (uyghuraa[.]org) and is NOT affiliated with the Uyghur American Association (UAA). Potential visitors should act appropriately to ensure safety.
