Reuters | Mar 25, 2021 12:16:04 AM IS
By Elizabeth Culliford and Raphael Satter
(Reuters) – Facebook Inc said on Wednesday it had blocked a group of hackers in China who were using the platform to target Uyghurs living abroad with links to malware that would infect their devices and allow surveillance.
The social media company said the hackers, known in the security industry as Earth Empusa or Evil Eye, targeted activists, journalists and dissidents who were predominantly Uyghurs, a largely Muslim ethnic group persecuted in China.
According to Facebook, there were fewer than 500 targets, who were largely from the Xinjiang region but mostly living overseas in countries like Turkey, Kazakhstan, the United States, Syria, Australia, and Canada.
Most of the hackers’ activity took place outside of Facebook and they used the website to share links to malicious websites instead of sharing the malware directly on the platform.
“This activity had the hallmarks of well-resourced and ongoing surgery while hiding who was behind it,” Facebook cybersecurity investigators said in a blog post. (https://bit.ly/3lLi8wY)
Facebook said the hacking group used fake Facebook accounts to impersonate fictional journalists, students, human rights activists, or members of the Uyghur community in order to build trust with their targets and trick them into clicking malicious links.
The hackers were said to have both set up malicious websites on domains resembling those of popular Uyghur and Turkish news sites and compromised legitimate websites visited by the targets. Facebook also found websites created by the group to mimic third-party Android app stores, offering Uyghur-themed apps such as a prayer app and a dictionary app that contained malware.
Facebook said its investigation found that two Chinese companies, Beijing Best United Technology Co. Ltd. (Best Lh) and Dalian 9Rush Technology Co. Ltd. (9Rush), had developed the Android tool provided by the group.
The Chinese embassy in Washington did not immediately return a message asking for a comment on Facebook’s report. Beijing routinely denies cyber espionage allegations.
Reuters was not immediately able to find contact information for Dalian 9Rush Technology Co Ltd. A man answering the number given for Beijing Best United Technology Co Ltd hung up.
Facebook said it removed the group's accounts, which numbered fewer than 100, blocked the malicious domains from being shared and notified people it believed were targets.
(Reporting by Elizabeth Culliford in New York and Raphael Satter in Washington; editing by Lisa Shumaker)
This story was not edited by Firstpost staff and is generated by automatic feed.