Facebook Blocks Chinese State-Sponsored Threat Actors

Facebook has taken down numerous accounts that it observed being used by Chinese state-sponsored threat actors. The accounts were linked to the threat actor known as Earth Empusa or Evil Eye. The group was using Facebook to target Uyghur activists, journalists, and dissidents living outside of China. It tricked users into visiting compromised websites under its control, in watering hole attacks that infected iOS devices with PoisonCarp or INSOMNIA spyware. To infect Android users, the group used malicious apps, tricking people into downloading trojanized versions of apps that contained hidden malware known as ActionSpy and PluginPhantom. The two Android malware strains were linked to two Chinese companies, Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush), which developed the malware.

Analyst Notes

Facebook has been cracking down in recent years on hacking groups using its platform. In December 2020, the company took down accounts associated with APT32, a threat group from Vietnam. Facebook’s efforts to take down these groups have been successful, but because of the number of threat actors that use social media to target people, social media platforms cannot protect everyone. Users of social media need to understand the threats that exist on these platforms and follow security best practices when interacting on them. These include not clicking on ad links or any links that are sent directly to them, and being careful not to install mobile apps from untrusted sources.

More can be read here: