International Uyghur Community Targeted for Cyber-Espionage Through Facebook

By David Wagner
Although Facebook has been banned in China, the company recently exposed hackers who used the social media platform to lure Uyghurs into downloading malicious software used for surveillance.

According to Facebook’s Mike Dvilyanski, Head of Cyber Espionage Investigations, and Nathaniel Gleicher, Head of Security Policy, hackers “targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada, and other countries.” 

“Fake accounts on Facebook [were used] to create fictitious personas posing as journalists, students, human rights advocates, or members of the Uyghur community to build trust with people they targeted and trick them into clicking on malicious links,” wrote Dvilyanski and Gleicher. “This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it.”

The threat behind the attacks is known as Evil Eye or Earth Empusa. It has been used since 2019 for cyber-espionage attacks against Uyghurs. Popular Uyghur and Turkish websites have been used to attract people and potentially infect their iPhones with malware called INSOMNIA, which exploits iOS vulnerabilities. Evil Eye also deployed malware called ActionSpy and PluginPhantom, which have been used on fake Android app stores. The malware is embedded in seemingly legitimate Uyghur-themed applications such as keyboard, prayer, and dictionary apps. According to Hacker News, this malware is linked to the Chinese companies Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush).

The Uyghur community is coerced into downloading malicious software used for surveillance. (Image via pixabay / CC0 1.0)

Facebook has tried to resolve the problem by notifying industry peers and blocking malicious domains, taking down group accounts that hackers were using, and informing targeted people. 

Although Facebook could not directly link the hackers to the Chinese state, Washington-based cybersecurity firm Volexity published research back in 2019 that claimed:

Uyghur population a major target

“The Uyghur population is and will continue to be a major target for Chinese APT groups. While Uyghurs living within China are already subject to numerous forms of physical and electronic surveillance, it is reasonable to expect they have also been targeted for digital surveillance… The Uyghur diaspora around the world are also primary targets of these digital surveillance operations. These operations can be used to track the movements of Uyghurs outside of China and spy on those they are communicating with. Volexity believes that China has continued to increase the level of effort and sophistication they have put into targeting Uyghurs.”

Uyghur rights activist and member of the U.S. Commission on International Religious Freedom Nury Turkel said to NBC that “knowing your phone can be taken over by state-sponsored hackers is harrowing… This is one of the ways in which China finds a way to create anxiety, sense of despair, sense of hopelessness, sense of insecurity.”

The U.S. and U.K., along with other Western allies, have recently announced sanctions for the human rights abuses committed against Uyghurs in Xinjiang, which have recently been acknowledged as genocide. Estimates are that up to 2 million Uyghurs are detained in re-education camps in Xinjiang. The Chinese Communist Party (CCP) has claimed that the camps prevent religious extremism and terrorism, and it has retaliated against the U.K. by sanctioning U.K. lawmakers and entities involved in uncovering the Uyghur genocide.
