The Chinese government recently arrested a Uyghur hatmaker in the United States. A group of Uyghur activists and journalists, including a student, have been targeted in an operation that has been dubbed the “Uyghur Hacking Network”. According to the article, the hackers posed as journalists, disrupted a network of China-based hackers, and targeted Uyghur activists and students in the United States.
Chinese hackers targeted Uyghur activists and journalists in the United States
A group of Chinese hackers targeted Uyghur activists and journalists in the United States, according to a report by Facebook. The hackers created fake Facebook accounts posing as journalists, students, and other members of the Uyghur community. They then infected people’s devices with malware. Using a cyber espionage tactic called “watering hole attacks,” the hackers drew users to their malicious links.
This type of attack was designed to snag vast amounts of personal information from their targets. In some cases, it was used to intimidate those critical of the Chinese government. According to Facebook, a sophisticated operation reached people in other countries as well.
Facebook said it blocked the domains and accounts of the Chinese hacking group. The security staff notified people they believed were targeted. It also reported on the cyber espionage campaign.
It found that the group had set up fake websites mimicking popular news sites. These sites included Uyghur news sites. They also infected users’ mobile devices with malicious software.
Chinese hackers disrupted a network of China-based hackers
The Chinese government has used disruptive cyberattacks to enforce censorship policies within its borders. China has also sought the ability to strike critical infrastructure. However, it has refrained from doing so in other countries. During the past few years, a number of cyberattacks have targeted U.S., European and Asian companies.
In January 2022, Chinese hackers broke into German tech and pharma companies. The same group later targeted Iran’s Islamic Culture and Communication Organization and a former U.S. ambassador to Israel.
A similar attack on the National Post Office in Ukraine was discovered in April 2022. The hacker wiped databases and took down six websites. This group was believed to be associated with the Chinese government.
The People’s Daily, a Communist Party newspaper in China, issued an editorial on the attack. It called the attack “web terrorism,” and demanded that the Chinese hackers stop attacking U.S. sites.
Researchers at CrowdStrike found malicious software in two separate computer attacks. They traced the malware to the same command-and-control servers. But the exact scope of the attack is unknown.
Chinese hackers posed as journalists
Chinese hackers have been targeting US journalists for over a year. They have sent malicious emails to major news outlets and to prominent reporters. Proofpoint researchers have been tracking this activity and have released a report detailing the attacks.
Using phishing techniques, these state-backed hackers pose as journalists to collect sensitive information. In addition to stealing credentials and gaining access to the victim’s work email and social media accounts, these actors are also known to spread propaganda in favor of certain political parties.
One of the most prominent state-backed hacking groups is known as “Lazarus Gang,” which has targeted US journalists over the past few years. This group has been linked to a recent ransomware outbreak that shut down the Bank of Bangladesh. Researchers speculate that this group uses its social media accounts to spread propaganda in favor of Turkish President Recep Erdogan.
Another well-known government-backed hacking group is the “Charming Kitten,” which targets journalists using spearphishing emails. These emails purport to come from reputable media brands and are designed to set up conversations.
Chinese hackers targeted students
In a recent cyber espionage campaign, a Chinese hacking group targeted Uyghurs abroad. They targeted dissidents, journalists, and Uyghur activists around the world. Some of the people affected were living in the United States, Canada, Australia, and Turkey. The United States, UK, and Canada issued a joint statement calling for the end of repressive practices against ethnic Uyghurs.
Facebook has publicly disclosed its findings, and the company took down the group’s accounts. While Facebook stopped short of linking the group’s activity to the Chinese government, it did note that the attackers scanned more than 100 U.S. state-level political party domains, which they may have used to build up their network.
According to Facebook’s cybersecurity teams, the hacking group impersonated students, journalists, and human rights advocates. Using fake accounts, they sent people to malicious websites that infected their devices. Many of the victims were dissidents and activists abroad, and Facebook notified them of the attack.