Facebook Inc. said on Wednesday that it had blocked a group of hackers in China who used the platform to target Uighurs living abroad with links to malicious code that would infect their devices and enable surveillance.
The social media company said the hackers, known as Earth Empusa or Evil Eye in the security industry, targeted activists, journalists and dissidents who were predominantly Uighurs, a largely Muslim ethnic group facing persecution in China.
Facebook said there were fewer than 500 targets, largely from the Xinjiang region but mainly living abroad in countries such as Turkey, Kazakhstan, the United States, Syria, Australia and Canada.
It said that the majority of the hackers’ activity occurred from Facebook and that they used the website to share links to malicious websites rather than directly sharing malicious code on the platform.
“This activity had the hallmarks of a well-resourced and sustained operation, while obscuring who is behind it,” Facebook cybersecurity investigators said in a blog post.
Facebook said the hacking group used fake Facebook accounts to pose as fictional journalists, students, human rights defenders or members of the Uighur community to build trust with their targets and trick them into clicking malicious links.
It said the hackers both set up malicious websites with domains similar to those of popular Uighur and Turkish news sites and compromised legitimate websites that the targets visited. Facebook also found websites created by the group to mimic third-party Android app stores with Uighur-themed apps, such as a prayer button and dictionary app, which contained malicious code.
Facebook said the investigation found that two Chinese companies, Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush), had developed the Android tool used by the group.
The Chinese embassy in Washington did not immediately respond to a message seeking comment on the Facebook report. Beijing routinely denies allegations of cyber espionage.
Reuters could not immediately find contact information for Dalian 9Rush Technology Co Ltd. A man who answered the number listed for Beijing Best United Technology Co Ltd hung up.
Facebook said it had removed the group’s accounts, which numbered fewer than 100, and had blocked the sharing of the malicious domains and notified people it believed were targets.