Facebook said on Wednesday that it has blocked a group of hackers in China who used the platform to target Uighurs living abroad with links to malware that can infect their devices and monitor them.
The social media company stated that these hackers are known in the security industry as Earth Empusa or Evil Eye. Their targets are mainly Uyghur rights activists, journalists and political dissidents. The Uighurs are mainly Muslims facing persecution in China.
Facebook said that fewer than 500 people were targeted. These people are mainly from Xinjiang but mostly live abroad, in countries including Turkey, Kazakhstan, the United States, Syria, Australia and Canada.
It said that most of the hacking activity took place outside of Facebook, and that the hackers used the site to share links to malicious websites rather than sharing malware directly on the platform.
Facebook cybersecurity investigators said in a blog post: “This activity has the characteristics of sufficient resources and continuous operation, while covering up behind the scenes.”
Facebook stated that the hacker group used fake Facebook accounts to pose as journalists, students, human rights advocates or members of the Uyghur ethnic group in order to build trust with their targets and induce them to click on malicious links.
It said that the hackers not only set up malicious websites on look-alike domains imitating popular Uyghur and Turkish news websites, but also compromised legitimate websites visited by their targets. Facebook also found websites created by the group that mimic third-party Android app stores and offer Uyghur-themed apps (such as prayer apps and dictionary apps) that contain malware.
Facebook said the investigation found that two Chinese companies, Beijing Best United Technologies and Dalian 9Rush Technologies, had developed Android tools deployed by the group.
The Chinese Embassy in Washington did not immediately respond to a request for comment on Facebook’s report. Beijing generally denies allegations of cyber espionage.
Reuters could not immediately find contact information for Dalian 9Rush Technology. A person who answered the phone number listed for Best United Technologies in Beijing hung up.
Facebook stated that it has removed the group’s accounts, which numbered fewer than 100, blocked the sharing of the malicious domains, and notified people that it believed to be targets.
Thomson Reuters 2021 ©