Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad (Security News, April 2021)
Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices.
"They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries," Facebook's Head of Cyber Espionage Investigations, Mike Dvilyanski, and Head of Security Policy, Nathaniel Gleicher, said.
The disclosures come days after the European Union, U.K., U.S., and Canada jointly announced sanctions against several senior officials in China over human rights abuses against Uyghurs in the Chinese province of Xinjiang.
Besides social engineering, the group (tracked as Evil Eye) ran a network of malware-serving websites, both legitimately compromised sites and lookalike domains impersonating popular Uyghur and Turkish news outlets, as a watering hole. The sites selectively infected iPhone visitors only when they matched certain technical criteria, including IP address, operating system, browser, country, and language settings, so that researchers and non-targets were served harmless content.
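The selective-serving behaviour described above is what makes a watering hole hard to confirm from a single visit. The following is an added example, not code from Facebook or from the reported campaign: it simulates a server-side gate on source address, iOS version, browser and Accept-Language (the prefixes, version window and page contents are constructed and hypothetical; the real sites may also have fingerprinted in client-side JavaScript), and pairs it with the multi-profile probe an analyst would use to expose the gate by comparing responses across client profiles.

```python
"""Added example: fingerprint-gated watering hole vs. a multi-profile probe.

All selection criteria, addresses and page bodies below are constructed
for illustration and are not taken from the campaign described in the article.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    ip: str
    user_agent: str
    accept_language: str


# Constructed (hypothetical) selection criteria standing in for the real ones:
# source-address prefixes, an iOS version window, Safari, and a preferred
# Uyghur or Turkish language.
TARGET_IP_PREFIXES = ("78.160.", "95.8.")
TARGET_LANGS = ("ug", "tr")
MIN_IOS, MAX_IOS = (12, 0), (13, 3)

IOS_RE = re.compile(r"iPhone OS (\d+)_(\d+)")


def ios_version(user_agent: str):
    """Return (major, minor) for an iPhone Safari user agent, else None."""
    m = IOS_RE.search(user_agent)
    if not m or "Safari" not in user_agent or "CriOS" in user_agent:
        return None
    return int(m.group(1)), int(m.group(2))


def preferred_lang(accept_language: str) -> str:
    """Primary subtag of the first entry in an Accept-Language header."""
    first = accept_language.split(",")[0].split(";")[0].strip()
    return first.split("-")[0].lower()


def is_target(req: Request) -> bool:
    """The gate: every criterion must match before the stager is served."""
    ver = ios_version(req.user_agent)
    return (
        ver is not None
        and MIN_IOS <= ver <= MAX_IOS
        and req.ip.startswith(TARGET_IP_PREFIXES)
        and preferred_lang(req.accept_language) in TARGET_LANGS
    )


CLEAN_PAGE = "<html><body><h1>News</h1></body></html>"
# Constructed: the only difference for a targeted visitor is one injected script.
STAGER_PAGE = CLEAN_PAGE.replace("</body>", '<script src="/s.js"></script></body>')


def gated_response(req: Request) -> str:
    """Simulated watering-hole server: only matching visitors get the stager."""
    return STAGER_PAGE if is_target(req) else CLEAN_PAGE


IPHONE_UA = (
    "Mozilla/5.0 (iPhone; CPU iPhone OS {v} like Mac OS X) AppleWebKit/605.1.15 "
    "(KHTML, like Gecko) Version/13.0.5 Mobile/15E148 Safari/604.1"
)

# Analyst side: constructed client profiles. The first is the baseline.
PROFILES = {
    "desktop-us": Request("203.0.113.5", "Mozilla/5.0 (Windows NT 10.0; rv:86.0) Gecko/20100101 Firefox/86.0", "en-US,en;q=0.9"),
    "iphone-us": Request("203.0.113.5", IPHONE_UA.format(v="13_3"), "en-US"),
    "iphone-tr": Request("78.160.1.20", IPHONE_UA.format(v="13_3"), "tr-TR,tr;q=0.9"),
    "iphone-ug-newer-ios": Request("78.160.1.20", IPHONE_UA.format(v="14_4"), "ug,tr;q=0.8"),
}


def probe(fetch, profiles, baseline="desktop-us"):
    """Fetch the same page under each profile; report profiles whose response
    differs from the baseline, with the script sources they were served."""
    base = fetch(profiles[baseline])
    findings = {}
    for name, req in profiles.items():
        body = fetch(req)
        if body != base:
            findings[name] = re.findall(r'<script[^>]*src="([^"]+)"', body)
    return findings


if __name__ == "__main__":
    # Only the in-window iPhone from a targeted prefix with a Turkish
    # language preference receives the extra script.
    print(probe(gated_response, PROFILES))
```

The point of the probe is that a single fetch from an analyst workstation (the `desktop-us` profile) sees nothing; the gate only reveals itself when the same URL is requested under the profiles the attacker cares about, which is why such checks are run from target-country egress points with a matrix of user agents and language headers.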
Separately, Evil Eye also set up lookalike third-party Android app stores to publish trojanized Uyghur-themed applications such as a keyboard app, prayer app, and dictionary app, which served as a conduit to deploy two Android malware strains ActionSpy and PluginPhantom.
Further investigation into the Android malware families linked the attack infrastructure to two Chinese companies, Beijing Best United Technology Co., Ltd. and Dalian 9Rush Technology Co., Ltd. "These China-based firms are likely part of a sprawling network of vendors, with varying degrees of operational security," the researchers noted.