Facebook is trying to fight back against attacks on Uyghur activists, allegedly carried out by Chinese hackers who are wielding potent Android and iPhone malware, the social networking giant announced Wednesday.
Using Facebook, the group, previously dubbed “Evil Eye,” set up fake accounts posing as pro-Uyghur activists and journalists covering their cause. After creating a rapport with their targets, they then sent users links to either malicious websites that were hacked and laced with iOS malware, or to websites they’d created with domains that looked like those of popular Uyghur and Turkish news sites. But the majority of the malicious activity took place outside of Facebook, explained Nathaniel Gleicher, head of security policy at Facebook.
The attacks took place across 2019 and 2020. Targets included activists, journalists and dissidents predominantly among Uyghurs living abroad in the United States, Australia, Canada and Middle Eastern and Central Asian countries. Gleicher said the company is informing those affected. He added that this was “supertargeted” espionage, with targets numbering below 500 on Facebook, and was the inverse of what the social network has seen in broad disinformation campaigns on Facebook. As an indicator of just how targeted the attacks were, the hackers’ code would only install the iPhone malware on a device when that device met certain criteria, such as geolocation and language.
Facebook hoping for deterrent
Mike Dvilyanski, Facebook’s head of cyberespionage investigations, told Forbes the malware was “fairly sophisticated,” though there was no evidence they’d used zero-days (unpatched software flaws) in recent attacks, even if they had in past attacks on iOS and Android users. The spyware was able to snoop on almost all data on a device including calls, messages, locations, photos and contacts, and it could listen through the phone by turning the microphone on.
Facebook is hopeful that calling the hacks out will help deter the hacker crew. “We did see this group react and change their intensity [when past research on their activities was released] and know they’re sensitive to these disclosures,” said Dvilyanski.
The same hackers were spotted by Google researchers in 2019, also targeting iPhone and Android users from the ethnic Muslim population of China’s far-western province Xinjiang. Western governments, including the United States, have leveled sanctions against Chinese officials and companies involved in the alleged detention of up to a million Uyghurs, and other Muslim minorities, in a vast network of forced labor and “re-education” camps. DJI, the Chinese drone giant, was the latest to have been caught up in the sanctions, as the Commerce Department banned American companies from exporting any tech to the company.