Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad (Security News, April 2021)

Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices.
"They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries," Facebook's Head of Cyber Espionage Investigations, Mike Dvilyanski, and Head of Security Policy, Nathaniel Gleicher, said.
The disclosures come days after the European Union, U.K., U.S., and Canada jointly announced sanctions against several senior officials in China over human rights abuses against Uyghurs in the Chinese province of Xinjiang.
Besides social engineering, the group (tracked as Evil Eye) leveraged a network of malware-hosting websites, both compromised legitimate sites and lookalike domains impersonating popular Uyghur and Turkish news sites, which served as watering holes to attract iPhone users and selectively infect only those whose devices met certain technical criteria, including IP address, operating system, browser, country, and language settings.
Separately, Evil Eye also set up lookalike third-party Android app stores to publish trojanized Uyghur-themed applications, such as a keyboard app, a prayer app, and a dictionary app, which served as a conduit to deploy two Android malware strains, ActionSpy and PluginPhantom.
Further investigation into the Android malware families linked the attack infrastructure to two Chinese companies: Beijing Best United Technology Co., Ltd. and Dalian 9Rush Technology Co., Ltd. "These China-based firms are likely part of a sprawling network of vendors, with varying degrees of operational security," the researchers noted.