Security News > 2021 > March > Facebook blocks Chinese state hackers targeting Uyghur activists
Facebook took down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghurs activists, journalists, and dissidents living outside China.
The hacking group tracked as Earth Empusa or Evil Eye used the now disabled Facebook accounts to send links that redirected their targets to malicious websites under their control in watering hole attacks.
In some cases, they successfully infected Uyghur targets' iOS devices with spyware known as PoisonCarp or INSOMNIA. Before Facebook disrupted their hacking operation, the Chinese state hackers were observed while employing several tactics, techniques, and procedures in attacks targeting Uyghur activists living abroad. These included compromising and impersonating news websites popular among Uyghurs, and using fake Facebook accounts in social engineering attacks while posing as Uyghur community members such as students, journalists, and human rights advocates.
Facebook linked the malware strains to two Chinese companies, Beijing Best United Technology Co., Ltd. and Dalian 9Rush Technology Co., Ltd. The hacking group partially outsourced the development of the Android tooling used in their attacks to the two companies.
In December, Facebook also unmasked Vietnam's APT32 hacking group known for cyberespionage campaigns targeting foreign governments, multi-national corporations, and journalists.
Facebook linked APT32 to Vietnamese IT firm CyberOne Group and added all associated domains with the two entities to a global block list.
News URL
Related news
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Chinese hackers breached T-Mobile's routers to scope out network (source)
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (source)