Facebook announced yesterday that it had taken down a Chinese cyberespionage operation directed principally against "Uyghur activists, journalists & dissidents living abroad in Turkey, Kazakhstan, US, Syria, Australia, Canada & other countries." Facebook's tweet announcing the takedown cited earlier work on the threat actor by Volexity, Project Zero, and Trend Micro (who called the group "Evil Eye"). Facebook said that a lot of the surveillance activity was conducted "off platform," with surveillance software installed via maliciously crafted, bogus news articles that falsely represented themselves as media reports in outlets covering news of interest to the Uyghur diaspora. Those links are now blocked on Facebook. The Washington Post notes that the takedown shows that Facebook's intelligence operations are now looking beyond Facebook itself.
On Tuesday the US FBI circulated a flash alert about Mamba ransomware to industry. Mamba now uses a weaponized version of DiskCryptor against its targets.
Huawei has joined the Organization of Islamic Cooperation's Computer Emergency Response Team (CERT-OIC), the first tech company to do so. Malaysia and the UAE sponsored Huawei's membership, Gulf News reports.
Slack, the widely used business chat application, yesterday introduced a feature that would have allowed messages to be exchanged with people outside the users' organization. It was poorly received, with users seeing the feature as a privacy and security bug. According to Vice, Slack, acknowledging that the decision was "a mistake," is now backtracking and limiting the new feature's scope. Many organizations aren't waiting for the walkback, and are limiting the feature themselves, the Record reports.