Facebook Moves Against ‘Evil Eye’ Hackers Targeting Uyghurs

Given that Facebook is banned in China, the company may seem like an unlikely source of information about Chinese hacking campaigns against the country’s Uyghur ethnic minority. On Wednesday, though, the company announced that it had identified recent espionage campaigns targeted at the Uyghur community, primarily people living abroad in countries like Australia, Canada, Kazakhstan, Syria, the United States, and Turkey. Facebook says the activity came from the known Chinese hacking group Evil Eye, which has a track record of targeting Uyghurs.

In mid-2020, Facebook found crumbs of evidence about the attacks on its own services: accounts pretending to be students, activists, journalists, and members of the global Uyghur community that attempted to contact potential victims and share malicious links with them. Facebook researchers followed these crumbs outside the company’s own ecosystem to Evil Eye’s broader efforts to spread malware and track Uyghurs’ activity.

“We saw this as an extremely targeted campaign,” says Mike Dvilyanski, who heads Facebook’s cyber espionage investigations. “They targeted specific minority communities and they performed checks to make sure that the targets of that activity fit certain criteria, like geolocation, languages they spoke, or operating systems they used.”

Evil Eye, also known as Earth Empusa and PoisonCarp, is notorious for its unrelenting digital assaults on Uyghurs. Its most recent wave of activity began in 2019 and ramped up in early 2020, even as China plunged into Covid-19-related lockdowns.

visit this site
visit this site right here
visit this web-site
visit this website
visit website
visit your url
visite site
watch this video
web
web link
web site
weblink
webpage
website
website link
websites
what do you think
what google did to me
what is it worth
why not check here
why not find out more
why not look here
why not try here
why not try these out
why not try this out
you can check here
you can find out more
you can look here
you can try here
you can try these out
you can try this out
you could check here
you could look here
you could try here
you could try these out
you could try this out
your domain name
your input here
have a peek at this web-site
Source
have a peek here
Check This Out
this contact form
navigate here
his comment is here
weblink
check over here
this content
have a peek at these guys
check my blog
news
More about the author
click site
navigate to this website
my review here
get redirected here
useful reference
this page
Get More Info
see here
this website
great post to read
my company
imp source
click to read more
find more info
see it here
Homepage
a fantastic read
find this
Bonuses
read this article
click here now
browse this site
check here
original site
my response
pop over to these guys
my site
dig this

Facebook found numerous approaches Evil Eye was taking to reach targets. The group created fake websites that looked like popular Uyghur and Turkish news outlets and distributed malware through them. It also compromised some legitimate websites trusted by Uyghurs living abroad and used these popular sites to spread malware. Chinese hackers have used the technique, known as a “watering hole attack,” before in their mass efforts to surveil Uyghurs. Some of the attackers’ tainted websites used previously discovered JavaScript exploits to install iOS malware known as Insomnia on target devices.

The researchers also found imposter Android app stores set up to look like popular sources of Uyghur-related apps, like community-focused keyboard, dictionary, and prayer apps. Really, these malicious app stores distributed spyware from two Android malware strains known as ActionSpy and PluginPhantom, the latter of which has circulated in various forms for years.

Facebook’s analysis took the company far off of its own platforms. Its cyber espionage investigations team went so far as to trace the Android malware used in the Evil Eye campaigns to two development firms: Beijing Best United Technology Co., Ltd. and Dalian 9Rush Technology Co., Ltd. Facebook says that research from the threat intelligence firm FireEye contributed to its discovery of these connections. WIRED could not immediately reach the two firms for comment. Facebook did not formally draw a connection between Evil Eye and the Chinese government when it announced its findings on Wednesday.

“In this case we can see clear links to the [malware development] firms, we can see geographic attribution based on the activity, but we can’t actually prove who’s behind the operation,” says Nathaniel Gleicher, Facebook’s head of security policy. “So what we want to do is give the evidence that we can prove. And then we know that there’s a broader community that can analyze it and come to the best conclusions based on the patterns and tactics.”

Leave a Reply

Your email address will not be published. Required fields are marked *