The hackers were using malware campaigns to target iOS and Android devices used by Uyghurs living outside China including journalists.
Facebook has removed accounts of hackers possibly backed by the Chinese government for targeting Uyghur community members living abroad.
According to Facebook’s Head of Cyber Espionage Investigations, Mike Dvilyanski, and Head of Security Policy, Nathaniel Gleicher, hackers used malicious apps and websites to compromised devices with iOS and Android malware to carry out remote surveillance. Their main targets were journalists and activists.
The company revealed that the cyberattacks weren’t launched directly via Facebook, but the hackers used the platform to distribute links to compromised sites offering malicious apps including:
- Uighur Keyboard
- Uyghurs History
- قۇرئان كەرىم (The Holy Quran)
The list goes on:
A Well-Resourced Operation!
Facebook researchers state that this activity has the hallmarks of a “well-resourced and persistent operation while obfuscating who’s behind it.” Facebook removed over a hundred such accounts created by a group known as Evil Eye, PoisonCarp, or Earth Empusa.
For your information, the Uyghurs come from the north-western region of Xinjiang, China. The targeted members of the community are located in the USA, Canada, Austria, and Turkey.
Hackers Infecting OSes with Advanced Malware
Reportedly, the malware hackers are deploying on Android, and iOS devices have advanced capabilities. These can steal almost anything stored on a compromised device. The hackers use infected websites that the Uyghur activists, journalists, and dissidents originally from Xinjiang but living overseas.
“On our platform, this cyber-espionage campaign manifested primarily in sending links to malicious websites rather than direct sharing of the malware itself,” Dvilyanski wrote in their blog post.
Campaign Going on for Years
Reportedly, hackers used these exploits for the past two years to infect devices and remained active even after detection. As expected, Chinese government representatives denied any involvement in this hacking spree reported by Facebook, Google, and Volexity.