Facebook blocks Chinese state hackers targeting Uyghur activists (March 2021)
Facebook took down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghur activists, journalists, and dissidents living outside China.
The hacking group, tracked as Earth Empusa or Evil Eye, used the now-disabled Facebook accounts to send links that redirected their targets to malicious websites under their control in watering hole attacks.
In some cases, they successfully infected Uyghur targets' iOS devices with spyware known as PoisonCarp or INSOMNIA. Before Facebook disrupted their operation, the Chinese state hackers were observed employing several tactics, techniques, and procedures in attacks targeting Uyghur activists living abroad. These included compromising and impersonating news websites popular among Uyghurs, and using fake Facebook accounts in social engineering attacks while posing as Uyghur community members such as students, journalists, and human rights advocates.
Facebook linked the malware strains to two Chinese companies, Beijing Best United Technology Co., Ltd. and Dalian 9Rush Technology Co., Ltd. The hacking group partially outsourced the development of the Android tooling used in their attacks to the two companies.
In December, Facebook also unmasked Vietnam's APT32 hacking group, known for cyberespionage campaigns targeting foreign governments, multi-national corporations, and journalists.
Facebook linked APT32 to Vietnamese IT firm CyberOne Group and added all domains associated with the two entities to a global block list.