Facebook said on Wednesday it had blocked a group of hackers in China who used the platform to target Uighurs living abroad with links to malware that would infect their devices and enable surveillance.
The firm said the hackers, known as Earth Empusa or Evil Eye in the security industry, targeted activists, journalists and dissidents who were predominantly Uighurs.
Facebook said there were less than 500 targets, who were largely from the Xinjiang region but were primarily living abroad in countries including Turkey, Kazakhstan, the US, Syria, Australia and Canada. It said the majority of the hackers’ activity occurred away from Facebook and that they used the site to share links to malicious websites rather than directly sharing the malware on the platform.
FB said the hacking group used fake accounts to pose as fictitious journalists, students, rights advocates or Uighurs to build trust with their targets and trick them into clicking malicious links that would install spying software on their devices. Facebook also found websites created by the group to mimic third-party Android app stores with Uighur-themed apps, like a prayer app, containing malware.
FB said its probe found two Chinese firms, Beijing Best United Technology and Dalian 9Rush Technology had developed the Android tooling deployed by the group. The Chinese embassy in Washington did not respond.