
Facebook blocks Chinese state hackers targeting Uyghur activists
2021-03-24 20:17

Facebook took down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghur activists, journalists, and dissidents living outside China.

The hacking group, tracked as Earth Empusa or Evil Eye, used the now-disabled Facebook accounts to send links that redirected their targets to malicious websites under their control in watering hole attacks.

In some cases, they successfully infected Uyghur targets' iOS devices with spyware known as PoisonCarp or INSOMNIA. Before Facebook disrupted their hacking operation, the Chinese state hackers were observed employing several tactics, techniques, and procedures in attacks targeting Uyghur activists living abroad. These included compromising and impersonating news websites popular among Uyghurs, and using fake Facebook accounts in social engineering attacks while posing as Uyghur community members such as students, journalists, and human rights advocates.

Facebook linked the malware strains to two Chinese companies, Beijing Best United Technology Co., Ltd. and Dalian 9Rush Technology Co., Ltd. The hacking group partially outsourced the development of the Android tooling used in their attacks to the two companies.

In December, Facebook also unmasked Vietnam's APT32 hacking group, known for cyberespionage campaigns targeting foreign governments, multi-national corporations, and journalists.

Facebook linked APT32 to Vietnamese IT firm CyberOne Group and added all domains associated with the two entities to a global block list.


News URL

https://www.bleepingcomputer.com/news/security/facebook-blocks-chinese-state-hackers-targeting-uyghur-activists/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Facebook 30 2 44 52 19 117