Attackers hacked Facebook, in order to spy their victims’ computers. The company announced it disrupted a network using the platform to target the Uyghur community. So, they used to lure its members into downloading malicious software. Then, the software would allow surveillance of the infected devices.
Chinese hacked Facebook
Mike Dvilyanski, Head of Cyber Espionage Investigations, and Nathaniel Gleicher, Head of Security Policy at Facebook explained everything.
“They targeted activists, journalists and dissidents predominantly among Uyghurs (…) primarily living abroad,” Dvilyanski and Gleicher said. Thus, the two specialists mentioned that attackers used various cyber espionage tactics in order to identify their targets.
According to Facebook, the “persistent operation” might belong to Evil Eye. Also known as or Earth Empusa, this is a China-based collective with a long history of espionage attacks against the Muslim minority. It started acting two years ago, via “strategically compromised websites.” In fact they were trying to gain access to Gmail.
Sanctions for the Chinese officials
The disclosure comes just a few days after E.U., U.K., U.S., and Canada announced sanctions against officials in China. These were linked to the human rights abuses against Uyghurs in the Xinjaing province.
So, most of the Evil Eye’s members were trying to post as journalists, students or even members of the Uyghur community. Thus, they tried to build trust with their victims before luring them into clicking on malicious links.
The group that hacked Facebook built a malware-infested network of websites and lookalike domains. So, they used mostly popular Uyghur and Turkush news websites.
Then, they attracted and selectively infected iPhone users based on their IP addresses, OS, browser, country and language settings.
Moreover, some of the pages “contained malicious javascript code that resembled previously reported exploits.” Those installed iOS malware known as INSOMNIA on the affected devices .
Insomnia comes with capabilities to exfiltrate data from a variety of iOS apps, such as contacts, location, and iMessage, as well as third-party messaging clients from Signal, WhatsApp, Telegram, Gmail, and Hangouts.
