- Facebook has identified Chinese hacking activity on the platform, targeting Uyghurs living abroad.
- The social media giant has deleted the associated accounts and informed the targeted users.
- The hackers showcased a high level of sophistication, and they appear to be state-supported.
Facebook has identified the activity of sophisticated Chinese hackers who were systematically abusing the platform, and has taken action against them. According to Facebook's report, the actors targeted activists, journalists, and Uyghurs located in Xinjiang, Turkey, Kazakhstan, the United States, Syria, Australia, Canada, and other countries.
This indicates that the hackers are most likely state-sponsored, and based on the indicators seen by Facebook’s threat research team, they belong to the “Evil Eye” group.
The tactics used by the hackers are the following:
- In some cases, only iOS users who passed certain IP address, OS, browser, and language settings checks were infected with malware.
- Fake accounts controlled by the hackers launched convincing social engineering attacks.
- Fake third-party app stores were used to spread two Android malware strains, namely "ActionSpy" and "PluginPhantom."
Facebook has deleted the accounts linked with the Chinese hackers, notified the users who were targeted by them, and blocked the malicious domains from being shared on the platform. Industry peers were also given the full details so that they could take coordinated defensive action.
One thing that demonstrates the level of sophistication, and also the involvement of “Evil Eye,” is that the group outsourced malware development to various Chinese software development companies. Facebook names Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush), two entities that reportedly served as malware and toolset vendors in this particular campaign. This is very interesting and also a clear indication of the motives and operational status of “Evil Eye.”
If you are a Uyghur, a journalist, or an activist, don’t trust strangers who approach you via DMs, don’t take anything for granted, and don’t believe anything that may be thrown at you. Social engineering is a powerful tool, maybe the most effective of all, so keep that in mind the next time someone you don’t know IRL tries to win your trust by saying things that resonate with your ideals.