29 May: Chinese hacker campaign to infect and surveil user devices
According to Facebook, a campaign by Chinese hackers aimed to infect and spy on users’ devices. The hackers spread malware through malicious links posted under false personas. Facebook announced that it had disrupted the network behind these links.
Facebook’s cyberespionage investigations team took action against the group, disabling its accounts and alerting the approximately 500 users who were targeted.
The hackers are thought to be members of the groups tracked as Earth Empusa or Evil Eye. They mostly targeted Uyghurs from Xinjiang, China, living in Turkey, Kazakhstan, the United States, Syria, Australia, and Canada.
Chinese hackers’ campaign to infect devices:
According to Facebook, the highly targeted campaign was designed to gather information about these targets by infecting their devices with malware for surveillance purposes. To do so, the hackers posted on Facebook links to both genuine and lookalike news websites, as well as to fraudulent Android app stores.
In the case of the news websites, Mike Dvilyanski, Facebook’s head of cyber espionage investigations, said the hackers were able to compromise genuine websites often visited by their targets, a technique known as a watering hole attack, in order to infect visitors’ devices with malware.
The hackers also built spoofed domains imitating Turkish news websites and planted malicious code on them to infect targets’ devices. In addition, they created third-party imitation app stores to trick targets into installing Uyghur-themed apps that contained malicious code, allowing the hackers to infect the devices.
The group took pains to hide its activity, delivering iOS malware only to people whose devices passed specific technical checks, such as IP address, operating system, browser, and country and language settings.
Facebook deactivated the accounts and blocked the malicious infrastructure on its platform. Facebook’s cyber team first became aware of the hacking activity in mid-2020, based on increased activity on the Facebook network, although the efforts extend back to 2019.
“Measuring impact and intent can be difficult, but we know that even for a small number of users throughout the world, the repercussions [of being hacked] may be severe, which is why the team took this so seriously,” said Nathaniel Gleicher, Facebook’s head of security policy. “It’s a modest number of targets, less than 500 for the total campaign. It’s only for the components that had some sort of interaction with Facebook. The majority of this threat actor’s actions were outside of Facebook.”