Chinese hackers used Facebook to target Uighur activists with malware
March 25, 2021 4 Comments

CHINESE HACKERS USED FAKE Facebook accounts to target individual activists in the expatriate Uighur community and infect their personal communications devices with malware, according to Facebook. The social media company said on Wednesday that the coordinated operation targeted approximately 500 Uighur activists living in the United States, Canada, Australia, Syria, Turkey and Kazakhstan.
At least 12 million Uighurs, most of them Muslims, live in China’s Xinjiang region, which is among the most impoverished in the country. The Chinese state is currently engaged in a campaign to quell separatist tendencies among some Uighurs, while forcibly integrating the region’s population into mainstream culture through a state-run program of forcible assimilation. It is believed that at least a million Uighurs are currently living in detention camps run by the Communist Party of China, ostensibly for “re-education”. Meanwhile, thousands of Uighur expatriates, most of whom live in Kazakhstan and Turkey, are engaged in a concerted campaign aimed at airing human-rights violations occurring in the Chinese detention camps throughout Xinjiang.
According to Facebook, Chinese hackers set up around 100 accounts of fake personas claiming to be journalists with an interest in reporting on human rights, or pro-Uighur activists. They then befriended actual Uighur activists on Facebook and directed them to fake websites that were designed to resemble popular Uighur news agencies and pro-activist websites. However, these websites were carriers of malware, which infected the personal communications devices of those who visited them. Some Facebook users were also directed to fake smartphone application stores, from where they downloaded Uighur-themed applications that contained malware.
Facebook said it was able to detect and disrupt the fake account network, which has now been neutralized. It also said it was able to block all fake domains associated with the hacker group, and notified users who were targeted by the hackers. It added that its security experts were not able to discern direct connections between the hackers an the Chinese state.
► Author: Joseph Fitsanakis | Date: 25 March 2021 | Permalink

A WEB SERVER BASED in Holland and owned by a company registered in Cyprus is being used by the Iranian government to spy on its critics abroad, according to Dutch public radio. The information about Iranian espionage was
THE INSURGENTS WHO STORMED the United States Capitol Building Complex on January 6 may have unwittingly provided cover for teams of foreign spies, who could have stolen or compromised sensitive electronic equipment. This largely neglected security-related aspect of the attack is discussed in an
A large-scale cyberespionage attack targeting United States government computer systems, which some experts 


Belarus experienced large-scale cyberattacks that crippled many government websites, while parts of the Internet were inoperative during a national election on Sunday, as large-scale demonstrations
Computer hackers working for North Korea launched cyberattacks against carefully selected officials of national delegations belonging to the United Nations Security Council, according to a soon-to-be released report. The report is expected to be submitted early next month to the UN Security Council Sanctions Committee on North Korea.
The United States Central Intelligence Agency was secretly authorized by the White House in 2018 to drastically expand its offensive cyber operation program —a development that some experts describe as a significant development for the secretive spy agency. However, the move has reportedly not pleased the Department of Defense, which sees itself as the primary conduit of American offensive operations in cyberspace.
A cyberattack, coupled with a disinformation campaign, targeted the computer systems of the United States Department of Health and Human Services (HHS), in what officials believe was an effort to undermine America’s response to the coronavirus pandemic.
A leading Chinese cybersecurity firm has accused the United States Central Intelligence Agency of using sophisticated malicious software to hack into computers belonging to the Chinese government and private sector for over a decade.






US government takes control of Internet domains used by SolarWinds hackers
June 3, 2021 by Joseph Fitsanakis Leave a comment
THE UNITED STATES GOVERNMENT has taken control of two Internet domains used last month in a large-scale phishing campaign by the same Russian-linked hacker group that was behind SolarWinds. The Department of Justice said on Tuesday it seized the two domains, theyardservice[.]com and worldhomeoutlet[.]com, on May 28, following a decision by a US court that authorized the action.
The large-scale attack was detected on May 25, and was delivered in over 3,000 emails sent from a compromised account belonging to the United States Agency for International Development (USAID). The compromised account was paired with the services of a legitimate email marketing company called Constant Contact. It was subsequently used to deliver phishing emails to the employees of over 150 organizations worldwide, most of them American.
The phishing emails featured an official USAID logo, beneath which was an embedded link to a purported “USAID Special Alert” titled “Donald Trump has published new documents on election fraud”. The link sent users to one of the two illicit subdomains, which infected victim machines with malware. The latter created a back door into infected computers, which allowed the hackers to maintain a constant presence in the compromised systems.
According to Microsoft Corporation, the hackers behind the phishing attack originated from the same group that orchestrated the infamous SolarWinds hack in 2020. The term refers to a large-scale breach of computer systems belonging to the United States federal government and to organizations such as the European Union and the North Atlantic Treaty Organization. The threat actor behind the attack is referred to by cybersecurity experts as APT29 or Nobelium, among other names.
Speaking on behalf of the US Department of Justice’s National Security Division, Assistant Attorney General John C. Demers said on Tuesday that the seizure of the two Internet domains demonstrated the Department’s “commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation”.
► Author: Joseph Fitsanakis | Date: 03 June 2021 | Permalink
Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with APT29, computer hacking, cyber security, News, Nobelium, phishing, United States, US Department of Justice, US Department of Justice National Security Division, USAID