Facebook disrupts Chinese hackers’ operation targeting journalists
Facebook has taken action against a group of hackers in China who were targeting dissidents, mostly Uyghurs from Xinjiang province, the company’s Cyber Espionage team said on Wednesday.
“Today, we are sharing actions we took against a group of hackers in China known in the security industry as Earth Empusa or Evil Eye – to disrupt their ability to use their infrastructure to abuse our platform, distribute malware and hack people’s accounts across the internet. They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries,” said the company’s head of Cyber Espionage Investigations Mike Dvilyanski and Head of Security Policy Nathaniel Gleicher.
Facebook said it found that the Chinese firms Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush) are behind some of the Android malware used by the hackers.
The firm disrupted the Chinese hackers’ operation by blocking malicious domains from being shared on its platform, taking down the group’s accounts and notifying the targeted individuals.
The miscreants set up malicious websites that used look-alike domains for popular Uyghur and Turkish news sites, or they compromised legitimate websites frequently visited by their targets. Some websites contained malicious JavaScript code, the statement said.
“This group used fake accounts on Facebook to create fictitious personas posing as journalists, students, human rights advocates or members of the Uyghur community to build trust with people they targeted and trick them into clicking on malicious links,” it added.
Facebook security experts work to find and stop a wide range of threats including cyber espionage campaigns, influence operations and hacking of their platform by nation-state actors and other groups.
As part of these efforts, their teams disrupt adversary operations by disabling them.
This story has been published from a wire agency feed without modifications to the text. Only the headline has been changed.