Facebook has removed a group of Chinese hackers that, according to the social media platform, targeted members of the Uighur community residing overseas. The hackers reportedly used malicious websites and applications to infect devices and enable remote monitoring, with reporters and activists targeted.
The hacking group, known to security researchers as “Earth Empusa,” “Evil Eye” or “Poison Carp,” attacked more than 500 people on Facebook, including people residing overseas in the United States, Turkey, Syria, Australia, and Canada. Using false accounts on Facebook, the hackers posed as activists, journalists, and other sympathetic figures in order to direct their targets to infected websites outside Facebook.
Facebook’s security and cyber espionage teams started observing the activity in 2020 and decided to reveal the threat openly to maximize the impact on the hackers, who have shown sensitivity to public revelations in the past.
In this case, the hackers’ activities were meticulous and multifaceted. They created false accounts on Facebook to pose as members of the Uighur community and deceive their victims into clicking on links to infected websites.
“This activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it. On our platform, this cyber-espionage campaign manifested primarily in sending links to malicious websites rather than direct sharing of the malware itself. We saw this activity slow down at various times, likely in response to our and other companies’ actions to disrupt their activity,” Facebook commented.
Once targets clicked on or downloaded those fake apps, their devices were infected. The hackers used two strains of Android trojan malware, ActionSpy and PluginPhantom. On iOS devices, the cybercriminals used malware known as Insomnia.