You can now find Cyber Kendra on Google News | Telegram

Chinese Cyber Spies Attack Facebook Users

Hackers used Facebook to spread links to malicious sites as part of watering hole attacks.

Information security experts from Facebook spoke about the Chinese hacker group Earth Empusa (also known as Evil Eye), which carried out malicious operations using the Facebook platform.

According to experts, the group attacked activists, journalists and dissidents who come from the Xinjiang Uygur Autonomous Region of China and live in Turkey, Kazakhstan, the United States, Syria, Canada and Australia. Attackers used a variety of cyber-espionage techniques to identify victims and infect their devices with tracking malware.

Earth Empusa's malicious operations were well-funded, well-funded, and concealed. The hackers used Facebook primarily to spread links to malicious sites, not the malware itself. From time to time, these operations were suspended in response to countermeasures by both Facebook itself and other companies.

Experts identified the following tactics, techniques and procedures (TTP) used by the group:

  • Selective targeting and exploit protection: Hackers carefully concealed their activities and protected exploits by infecting iOS malware only to users who met certain technical criteria (IP addresses, OS, browser, country and language settings);
  • Compromise and fake news sites: Attackers have faked the domains of popular Uyghur and Turkish news sites. They also hacked legitimate resources frequently visited by victims as part of watering hole attacks. Some of these pages contained malicious Javascript code, reminiscent of the already known exploits that install malware for iOS called INSOMNIA;
  • Social engineering: the group faked accounts on the social network Facebook, allegedly belonging to journalists, activists, human rights defenders;
  • Using third-party app stores: Attackers have created at least one fake Android app store through which they distribute apps containing ActionSpy or PluginPhantom malware;
  • Malware development outsourcing: The group used several malware families created by different developers.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.