Facebook Stops Chinese Hackers From Abusing the Platform

  • Facebook has identified Chinese hacking activity on the platform, targeting Uyghurs living abroad.
  • The social media giant has deleted the associated accounts and informed the targeted users.
  • The hackers showcased a high level of sophistication, and they appear to be state-supported.

Facebook has identified sophisticated Chinese hackers who were systematically abusing the platform and has taken action against them. According to the relevant report, the actors targeted activists, journalists, and Uyghurs located in Xinjiang, Turkey, Kazakhstan, the United States, Syria, Australia, Canada, and other countries.

This indicates that the hackers are most likely state-sponsored, and based on the indicators seen by Facebook’s threat research team, they belong to the “Evil Eye” group.

The tactics used by the hackers are the following:

  • In some cases, only iOS users who passed certain IP address, OS, browser, and language settings checks were infected with malware.
  • The hackers used cloned Turkish news sites that are popular among Uyghurs and laced them with malicious JavaScript code that installed iOS malware. They also compromised legitimate news sites and launched watering hole attacks.
  • Fake accounts controlled by the hackers launched convincing social engineering attacks.
  • Fake third-party app stores were used to spread two Android malware strains, namely "ActionSpy" and "PluginPhantom."

Facebook has deleted the accounts linked with the Chinese hackers, notified the users who were targeted by them, and blocked the malicious domains from being shared on the platform. Industry peers were also informed of all the details so that a complete defense action plan can be put in place.

One thing that proves the level of sophistication and also the involvement of “Evil Eye” is the fact that they were outsourcing malware development to various Chinese software development companies. Facebook mentions Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush), two entities that reportedly served as malware and toolset vendors in this particular campaign. This is very interesting and also a clear indication of the motives and operational status of “Evil Eye.”

If you are a Uyghur, a journalist, or an activist, don’t trust strangers who approach you via DMs, don’t take anything for granted, and don’t believe anything that may be thrown at you. Social engineering is a powerful tool, maybe the most effective of all, so keep that in mind the next time someone you don’t know IRL tries to win your trust by saying things that resonate positively with your ideals.
