Security News > 2021 > April > Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad
Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices.
"They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries," Facebook's Head of Cyber Espionage Investigations, Mike Dvilyanski, and Head of Security Policy, Nathaniel Gleicher, said.
The disclosures come days after the European Union, U.K., U.S., and Canada jointly announced sanctions against several senior officials in China over human rights abuses against Uyghurs in the Chinese province of Xinjiang.
Besides social engineering efforts, the collective leveraged a network of malware-infested websites, both legitimately compromised websites and lookalike domains for popular Uyghur and Turkish news sites, that were used as a watering hole to attract and selectively infect iPhone users based on certain technical criteria, including IP address, operating system, browser, country, and language settings.
Separately, Evil Eye also set up lookalike third-party Android app stores to publish trojanized Uyghur-themed applications such as a keyboard app, prayer app, and dictionary app, which served as a conduit to deploy two Android malware strains ActionSpy and PluginPhantom.
Further investigation into the Android malware families linked the attack infrastructure to two Chinese companies Beijing Best United Technology Co., Ltd. and Dalian 9Rush Technology Co., Ltd. "These China-based firms are likely part of a sprawling network of vendors, with varying degrees of operational security," the researchers noted.
News URL
Related news
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (source)
- Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (source)
- Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- Chinese hackers linked to cybercrime syndicate arrested in Singapore (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign (source)
- Iranian hackers charged for ‘hack-and-leak’ plot to influence election (source)