Security News > 2021 > March > Facebook Disrupts Spy Effort Aimed at Uyghurs

Facebook has taken on a group of hackers in China that target the Uyghur ethnic group with cyberespionage activity.

The hacking group, known as Earth Empusa or Evil Eye, was targeting activists, dissidents and journalists involved in the Uyghur community, primarily those living abroad in Australia, Canada, Kazakhstan, Syria, Turkey and the United States, among other countries, by using fake Facebook accounts for fictitious people sympathetic to the Uyghur community.

Facebook said Wednesday that the group was sending malicious links in Facebook messages that, if clicked, led to espionage-focused malware infections.

"Some of these webpages contained malicious JavaScript code that resembled previously reported exploits, which installed iOS malware known as Insomnia on people's devices once they were compromised," said Mike Dvilyanski, head of cyber-espionage investigations and Nathaniel Gleicher, head of security policy, writing in a joint Facebook posting.

Facebook took down the fake profiles, but it also found websites set up by the group that mimic third-party Android app stores, where they published Uyghur-themed applications.

Analysis on the latest Android malware found that Beijing Best United Technology Co. and Dalian 9Rush Technology Co. are the developers behind some of the tooling deployed by Earth Empusa, according to Facebook.

News URL

https://threatpost.com/facebook-disrupts-spy-uyghurs/165032/