Given that Facebook is banned in China, the company may seem like an unlikely source of information about Chinese hacking campaigns against the country's Uyghur ethnic minority. On Wednesday, though, the company announced that it had identified recent espionage campaigns targeted at the Uyghur community, primarily people living abroad in countries like Australia, Canada, Kazakhstan, Syria, the United States, and Turkey. Facebook says the activity came from the known Chinese hacking group Evil Eye, which has a track record of targeting Uyghurs.
In mid-2020, Facebook found crumbs of evidence about the attacks on its own services: accounts pretending to be students, activists, journalists, and members of the global Uyghur community that attempted to contact potential victims and share malicious links with them. Facebook researchers followed these crumbs outside the company's own ecosystem to Evil Eye's broader efforts to spread malware and track Uyghurs' activity.
“We saw this as an extremely targeted campaign,” says Mike Dvilyanski, who heads Facebook’s cyber espionage investigations. “They targeted specific minority communities and they performed checks to make sure that the targets of that activity fit certain criteria, like geolocation, languages they spoke, or operating systems they used.”
Evil Eye, also known as Earth Empusa and PoisonCarp, is notorious for its unrelenting digital assaults on Uyghurs. Its most recent wave of activity began in 2019 and ramped up in early 2020, even as China plunged into Covid-19-related lockdowns.
Facebook found numerous approaches Evil Eye was taking to reach targets. The group created fake websites that looked like popular Uyghur and Turkish news outlets and distributed malware through them. It also compr ..
Support the originator by clicking the read the rest link below.
