Facebook said it has disrupted a network of hackers linked to China who were trying to distribute malware via malicious links shared under false personas. The social network's cyber espionage investigation team took action against the group, deactivated its accounts and notified about 500 affected users.
The hackers, suspected of belonging to the Earth Empusa or Evil Eye groups, targeted activists, journalists and dissidents, mainly among Uighurs from Xinjiang in China living abroad in Turkey, Kazakhstan, the USA, Syria, Australia and Canada.
Facebook stated that the highly targeted campaign was intended to collect information about these targets by infecting their devices with malicious code for surveillance purposes. The links shared across Facebook pointed to both legitimate and look-alike news websites, as well as to fake Android app stores.
In the case of the news websites, Facebook's chief cyber espionage investigator Mike Dvilyanski said the hackers had been able to compromise legitimate websites frequently visited by their targets, in a process known as a watering hole campaign, in order to infect devices with malicious software.
The hackers also created look-alike domains for Turkish news sites and injected malicious code that would infect the target's device with malware. Similarly, look-alike third-party app stores were built to trick targets into downloading Uyghur-themed apps containing malicious code, which would enable the hackers to exploit the devices the apps were installed on.
Facebook said the group took steps to hide its activity by infecting people with iOS malware only when they passed certain technical checks, including IP address, operating system, browser, and country and language parameters.
On Facebook, the malicious infrastructure has been blocked and the accounts have been taken down. Facebook said its cyber team first became aware of the hacking efforts in mid-2020, based on increased activity on the Facebook platform. The efforts are thought to extend back into 2019.
“Measuring impact and intent can be challenging, but we do know even for the small number of users around the world, the consequences [of being hacked] can be very high, and that is why the team took this so seriously,” said Nathaniel Gleicher, head of security policy for Facebook. “It’s a small number of targets, less than 500 for the entire campaign, but only for the aspects that touched Facebook in some way. Most of what that perpetrator did happened on Facebook.”