Facebook has taken down numerous accounts they witnessed being used by Chinese state-sponsored threat actors. The accounts were linked to the threat actor known as EarthEmpusa or Evil Eye. The groups were using Facebook to target Uyghur activists, journalists, and dissidents living outside of China. The group would trick users into visiting compromised websites they had control of in watering hole attacks to infect iOS devices with PosionCarp or INSOMNIA spyware. To infect Android users, the group would utilize malicious apps to trick people into downloading trojanized versions of apps that contained hidden malware known as ActionSpy and PluginPhantom. The two malware strains for Android were linked to two Chinese companies, Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush), who developed the malware.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security