Uyghur activists, journalists and dissidents targeted on Facebook by Chinese hackers

In a blog post published on March 24, Mike Dvilyanski, Counter Cyberespionage Officer at Facebook, detailed a vast campaign led by Chinese hackers on the social network. Two groups of hackers have been identified: they are known as Earth Empusa and Evil Eye. They targeted Uyghur activists, journalists and dissidents living abroad. The hackers attempted to infect their smartphones with malware in order to monitor them.

International Uyghurs in the sights of the Chinese government

According to Facebook, most of the victims were Uyghur dissidents living abroad, in Turkey, Kazakhstan, USA, Syria, Australia, Canada and other countries. Mike Dvilyanski specifies that this cyber espionage operation had: “The characteristics of an operation financed by a Chinese government, but impossible to prove it”. Not so surprising when you know that China has been stalking Uyghurs since 2013 …

The hackers tried to redirect their victims by sending them links to malicious websites. They did not share the malware directly on the platform. As Mike Dvilyanski points out: “The group set up malicious websites that used domains that resembled popular Uyghur and Turkish news sites”.


Presumably, the hackers also compromised existing websites frequently visited by their targets: a “watering hole” attack, which involves placing malicious code in existing sites. The notorious spyware involved was known as Insomnia.

Hackers created fake Facebook accounts

On Facebook, the hackers created fake accounts to pass themselves off as journalists, students, human rights defenders or members of the Uyghur community in order to establish a relationship of trust with their targets. The hackers then tricked their victims into clicking on links that pointed to malicious sites. Nathaniel Gleicher, director of cybersecurity at Facebook, also spoke on the subject:

During its investigation, Facebook found that two Chinese companies, Beijing Best United Technology and Dalian 9Rush Technology, were behind the development of the tools used by the hackers. As soon as the threat was identified, Facebook shared its concerns with its counterparts so that they too could detect and stop this operation. The social media giant specifies that the targeted people have been informed, that the sharing of the malicious domains has been blocked and that the fake accounts have been deleted.
