Surveillance malware is commonly used to track a target’s messages, conversations and location, and this is not the first time that such technology has been used by a country against its own people.
First Published 10th September 2019
The role of cyber security in global geopolitics will only grow.
Reflare Research Team
Last week, information security vendor Volexity released a detailed report covering malware that appears to be custom built and deployed for the surveillance of the Uyghur Chinese minority population. In this briefing, we will take a look at the malware, the implications and the power that state actors wield in cyber security.
What happened?
Volexity discovered 11 Uyghur and East Turkistan-related websites that hosted Android and iOS malware designed for surveillance purposes. The same strain of malware was also allegedly sent to Uyghur Android users via phishing emails. Surveillance malware is commonly used to track a target’s messages, conversations and location. Such information, in turn, is extremely valuable for preventing, monitoring and suppressing protest movements and rebellions.
What are the implications?
If Volexity’s findings are correct, and if the list of targets is complete, then it appears that someone has specifically targeted the Uyghur minority for close surveillance. Since the malware used several vulnerabilities that were not previously publicly known, we can assume that a well-funded actor stands behind its development. The cost of such vulnerabilities on the black market would easily exceed several million US dollars.
All of this taken together could possibly suggest that some branch of the Chinese government stands behind the attacks. Out of the limited number of threat actors with the funding and capability to perform such an attack, the Chinese government may have the strongest and most easily apparent motive for it. It is reported that the central government has been involved in an extensive conflict with the Uyghur minority since the early 1990s.
However, as in all cases involving the identity of threat actors, this is merely correlated evidence. Short of confessions or a leak of government archives, there is virtually no way to assign definite culpability to a state actor.
The power of state actors.
What is clear, however, is that the role of state actors will continue to increase in the coming decade. While the cost required to stage high-level cyber attacks is prohibitive for most criminal cartels, it is a bargain when compared to the military budgets of states.
By investing heavily in cyber warfare, even small state actors can develop significant offensive capabilities and the deterrence that comes with them. And while small hacking collectives or exceptionally skilled individuals can and will always find new unknown vulnerabilities, the high price that these vulnerabilities fetch on the black market leads more and more of them to sell their findings to the highest bidder rather than use them directly.