Facebook said Thursday it disrupted Chinese hackers who sought to infiltrate Facebook users’ accounts and distribute malware, primarily among Uyghur users.
The cyber espionage campaign hid who was behind it, but Facebook identified the hackers as a group in China known as Earth Empusa or Evil Eye, wrote Mike Dvilyanski, Facebook head of cyber espionage investigations, and Nathaniel Gleicher, Facebook head of security policy.
“They targeted activists, journalists, and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries,” Mr. Dvilyanski and Mr. Gleicher wrote on Facebook’s blog. “This group used various cyber espionage tactics to identify its targets and infect their devices with malware to enable surveillance.”
To accomplish their task, the hackers used look-alike websites for popular Uyghur and Turkish news sites and compromised legitimate websites with malicious code that enabled malware installation on victims’ devices, according to Facebook. The hackers also posed on Facebook using fake accounts to appear to be journalists, human rights advocates and students to build trust among their targeted victims who they wanted to surveil.
“We shared our findings and threat indicators with industry peers so they too can detect and stop this activity,” Mr. Dvilyanski and Mr. Gleicher wrote. “To disrupt this operation, we blocked malicious domains from being shared on our platform, took down the group’s accounts, and notified people who we believe were targeted by this threat actor.”
Facebook’s announcement that it took action against hackers manipulating its platforms to surveil victims comes one day before the House Energy and Commerce Committee questions Facebook CEO Mark Zuckerberg about alleged misinformation and disinformation online.
Copyright © 2021 The Washington Times, LLC.