Quote: Facebook has taken on a group of hackers in China that target the Uyghur ethnic group with cyberespionage activity.
The hacking group, known as Earth Empusa or Evil Eye, was targeting activists, dissidents and journalists involved in the Uyghur community, primarily those living abroad in Australia, Canada, Kazakhstan, Syria, Turkey and the United States, among other countries, by using fake Facebook accounts for fictitious people sympathetic to the Uyghur community. Facebook said Wednesday that the group was sending malicious links in Facebook messages that, if clicked, led to espionage-focused malware infections.
The malicious links led to look-alike domains for popular Uyghur and Turkish news sites, according to Facebook, as well as to compromised legitimate websites.
“Some of these webpages contained malicious JavaScript code that resembled previously reported exploits, which installed iOS malware known as Insomnia on people’s devices once they were compromised,” said Mike Dvilyanski, head of cyber-espionage investigations, and Nathaniel Gleicher, head of security policy, writing in a joint Facebook posting.
This was all undertaken with selective targeting, according to the post: “This group took steps to conceal their activity and protect malicious tools by only infecting people with iOS malware when they passed certain technical checks, including IP address, operating system, browser, and country and language settings.”
Read more: Facebook Disrupts Spy Effort Aimed at Uyghurs | Threatpost