Facebook Blocks Accounts Of Chinese Hackers Targeting Uighurs Abroad

On Wednesday, Facebook said China-based hackers used its platform to launch a hacking campaign that targeted Uyghur-speaking people abroad.

The threat actors identified, tracked, and sent malicious links to their targets using the Facebook platform.

According to the announcement, the targets also include Uyghur activists, journalists, and dissidents living in Turkey, Canada, Australia, and the U.S.

But the tech giant didn’t blame the Chinese government for the attack, since it doesn’t know who is supporting the hacking activities. “We can see geographic attribution based on the activity, but we can’t actually prove who’s behind the operation,” Facebook stated.

But Facebook acknowledged that the threat actors share similar operational methods with the hacking group cited by cybersecurity firm Volexity in 2019, which has links with the Chinese government.

Published data revealed that the hackers have taken serious steps to spy on Uyghur-speaking Chinese in the diaspora.

They used highly sophisticated techniques with unknown tools to plant malicious code on several Uyghur news sites, giving them the ability to spy on and hack any mobile device that visits the sites, which are mostly visited by Uyghurs.

Facebook said the threat actors, who are called Evil Eye or Earth Empusa in the cybersecurity space, had fewer than 500 targets, the majority of whom were from the Xinjiang region.

The social media giant said most of the activities of the hackers are not on Facebook, but they still use the portal when sending links to malicious sites.

But the hacking syndicate used fake Facebook accounts to pose as human rights activists, students, and journalists who have the interest of the Uyghur people at heart. They do this to develop trust with their targets and deceive them into clicking the malicious links.

Facebook also noted that the accounts of the hacking group have been removed from the platform. It has also blocked any links that share the malicious domain in a bid to stop the spread of the hacking activity. Facebook has also gone a step further to notify users who it believes are targets of such hacking activity.

Facebook also revealed that the group used malicious websites with domains similar to those of popular Turkish and Uyghur news sites. They also designed the malicious sites to look exactly like the legitimate ones to succeed in luring their victims. The group also created sites that mimic Android app stores with Uyghur-themed apps, such as dictionary or prayer apps, containing malware.

The investigation by Facebook shows that two Chinese firms – Dalian 9Rush Technology and Beijing Best United Technology – developed the Android tools used by the hackers in the attack.

But it is still not clear evidence that the Chinese government is linked to the attack, Facebook stated.

Beijing has always denied reports linking it with hackers, whether China-based or elsewhere. When mails were sent to the Chinese embassy in Washington, it declined to comment on the hacking incidents.

Efforts to reach both Chinese companies called out for the manufacture of the hacking tools have not been successful. When Dalian 9Rush Technology was contacted, the person at the other end hung up.

Western governments are increasingly taking a critical look at China’s handling of the minority Uyghur-speaking Chinese citizens. The Chinese government has previously been accused of mass detentions of Muslim Uyghurs in north-western China. The U.S. has even described China’s actions against the Uyghurs as homicidal.

But China has always stated that it has not been involved in any mistreatment of the minority tribe. It says its activities concerning the Uyghurs are necessary to fight extremism, and that its camps only provide vocational training to the people.

The UN recently reported that about 1 million people, who are predominantly Uyghurs, have been detained in the Xinjiang camps.