China’s attempt to spy on Uyghur dissidents
Facebook has found a sophisticated espionage campaign conducted by Chinese hackers that tried to trick pro-Uyghur activists around the world into downloading malicious software that would allow surveillance of their devices.
The revelations have come after growing concern from the US and its allies about China’s repression of 1m Uyghurs in Xinjiang, which politicians and leaders alike have referred to as a ‘genocide’. The operation, which Facebook attributed to a known Chinese hacking group, created fake versions of news websites popular in Uyghur communities and injected them with malicious software.
Users who clicked on the sites would then unknowingly download the malware, giving the hackers access to their devices. In other cases, the hackers hid malware in certain pages of websites that are frequently visited by their targets, and in malicious apps they created and placed in fake versions of app stores. It was revealed that the number of targets was fewer than 500 across the world.
It has yet to be determined how many of these targets were actually hacked. The victims were mostly Uyghur dissidents, journalists and activists from Xinjiang who are now based outside of China, in countries including the US, Turkey, Kazakhstan, Canada and Australia, among others. Fake accounts on Facebook that impersonated journalists, students, human rights activists and other Uyghur community members were used to share links to the malware-filled sites and apps.
Evidence suggests that this campaign has been going on since 2019. Clearly, China has been caught with its pants down yet again. Most analysts agree that this could be the work of state-sponsored hackers.
This activity had the hallmarks of a well-resourced and persistent operation, while hiding who was behind it. The hacking group is known as Earth Empusa or Evil Eye. In all probability this group is backed by the Chinese communist government.
The US, EU, UK and Canada this week co-ordinated the imposition of sanctions on several Chinese Communist Party officials for their role in the genocide of Uyghurs in Xinjiang. This move marks the growing concern in the West over vast detention camps in this north-western province.
Antony Blinken, US secretary of state, has called the repression “genocide”, and the Biden administration has made it clear that it will take a hard line against Beijing over human rights issues, including possible offences in Xinjiang.
The Canadian and Dutch parliaments have also passed resolutions declaring that China is committing a genocide. Some lawmakers are also saying that countries should boycott the Winter Olympics scheduled to be held in China next year unless the International Olympic Committee moves the games elsewhere.
The malware strains used by the attackers had capabilities ranging from monitoring a phone’s use to turning on a device’s camera and microphone. Facebook said it was taking action to stop the network by blocking its infrastructure and the malicious links from its platform. The victims are also being alerted. Two Chinese vendors, Beijing Best United Technology and Dalian 9Rush Tech, were behind the development of the malware tools.